Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 06-19-2012, 02:31 PM   #1
Registered: Mar 2011
Location: Argentina
Distribution: CentOS 5.8 32 Bits
Posts: 30

Rep: Reputation: 0
Is someone sending emails through my sendmail server??

Hi, I'm receiving some spam emails from my account in my Hotmail inbox, and when I check the email source code I guess that the emails are being sent from my server, but I'm not sure.

The worst of this is that the email passes the sender ID auth.

This is my server IP

This is my server hostname:

And here is the emails source code:

Authentication-Results:; sender-id=pass (sender IP is; dkim=none; x-hmca=pass
X-DKIM-Result: None
X-Message-Status: n:0:n
X-SID-Result: Pass
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0w
X-Message-Info: HY0JcSSCx0qdcQieKQEEJ96icece/ADXeT+EdM20O3KXArKunQxIslQa4axE6/ABqzrKJLr6CVjKCyeAYKRhvgrIq0AxaM4tlqpOvvJpMwhd/aQF8JxxI4Pvgu/bYTz0UlRssJn9E0RRCgCPM/7uOA==
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.4900);
	 Tue, 19 Jun 2012 12:09:05 -0700
Received: from ( [])
	by (8.13.8/8.13.8) with ESMTP id q5JHAJk1003683
	for <>; Tue, 19 Jun 2012 14:10:21 -0300
Received: from apache by with local (Exim 4.67)
	(envelope-from <<>>)
	for <>; Tue, 19 Jun 2012 20:09:03 +0100
To: <>
Subject: Learn how people in your profession can earn a 30% increase!
X-PHP-Script: for
From: <>
X-Sender: <>
X-Mailer: PHP
X-Priority: 1
Content-Type: text/plain; charset="us-ascii"
Message-Id: <>
Date: Tue, 19 Jun 2012 20:09:03 +0100
X-OriginalArrivalTime: 19 Jun 2012 19:09:05.0517 (UTC) FILETIME=[FEF001D0:01CD4E4E]

We invite you to work in the remote assistant position.

This work takes 2-3 hours per week and requires absolutely no investment.
The essence of this work for incoming client requests in your city.
The starting salary is about 2500 EUR per month + bonuses.

You get paid your salary every 2 weeks and your bonuses after fulfilling each task!

We guarantee work for everyone. But we accept applications this week only!
Therefore, you should write a request right now. And you will start earning money, starting from next week.

Please indicate in the request:
Your name:
Your email address:
City of residence:

Please send the request to my email,and I will answer you personally as soon as possible

Mel Tyler

Any help please, thanks!
Old 06-19-2012, 03:20 PM   #2
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 413
All of the email headers with the x- prefix are cpanel/exim config specific and in all honesty I never paid any attention to them. The real gritty stuff is the received by headers. These look to indicate the email IS being generated from the server itself and looks to be coming from Apache.

The first thing you should do is disable any contact or mail forms on your website to see if that resolves the issue. If it does you know where your problem lies and can start looking at sanitizing the form inputs to prevent people from compromising the site.

You can compare the timestamp of Tue, 19 Jun 2012 20:09:03 +0100 with your apache access logs, /var/log/httpd/access.log.

Once you find the IP of the guy who is abusing the form, add an iptables drop rule to drop his IP's connection.
1 members found this post helpful.
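
The timestamp comparison suggested in post #2, sketched as an added example that is not part of the original thread: it finds POST requests in an Apache access log that fall within a few seconds of the spam message's Date header, comparing instants rather than wall-clock strings because the header is stamped +0100 while a server's log is normally in its own local zone. Assumptions: the log is in Apache common/combined format, and the log lines, IP addresses (documentation ranges) and paths below are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Apache common/combined format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Date header of the spam message, as quoted in the thread.
MAIL_DATE = "Tue, 19 Jun 2012 20:09:03 +0100"

# Constructed sample log (documentation IP ranges, hypothetical paths),
# written in the server's local zone (-0300), not the header's +0100.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Jun/2012:16:08:40 -0300] "GET /contact.php HTTP/1.1" 200 5120
203.0.113.45 - - [19/Jun/2012:16:09:02 -0300] "POST /contact.php HTTP/1.1" 200 312
192.0.2.33 - - [19/Jun/2012:16:09:03 -0300] "GET /index.php HTTP/1.1" 200 9000
203.0.113.45 - - [19/Jun/2012:16:09:03 -0300] "POST /contact.php HTTP/1.1" 200 312
192.0.2.10 - - [19/Jun/2012:20:09:03 -0300] "POST /wp-login.php HTTP/1.1" 200 2811
""".splitlines()


def requests_near(mail_date, log_lines, window_s=5, methods=("POST",)):
    """Return (ip, path, utc_time) for requests within window_s of mail_date."""
    sent = parsedate_to_datetime(mail_date)   # timezone-aware datetime
    window = timedelta(seconds=window_s)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                          # skip malformed lines
        ip, stamp, method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # Aware datetimes compare as instants, so the zone offsets cancel out.
        if method in methods and abs(when - sent) <= window:
            hits.append((ip, path, when.astimezone(timezone.utc)))
    return hits


if __name__ == "__main__":
    for ip, path, when in requests_near(MAIL_DATE, SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M:%S} UTC  {ip}  POST {path}")
```

The last sample line has the same wall-clock time as the header but is four hours away once the offsets are applied, which is the mismatch a plain grep for "20:09:03" would get wrong.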
Old 06-19-2012, 03:22 PM   #3
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 413
After looking at your site, it's WordPress... Very notorious for compromise of this fashion. Take a look at, customers of mine at the web host company I worked for have used it and have reported a lot of success in protecting their contact forms.

