Block outgoing email

iamfish · 11-22-2009, 11:30 AM

my server sends a lot of spam mails recently and i am no ideas what's wrong it is. i receive my isp's complaint as AOL report that my server is keeping to send spam mail.

now, i would like to know is there any methods to prevent sending email to specific domains? e.g. aol.com

second, how to trace the sender of spam mail?

this is a part of qmail log
*****************************
Nov 22 15:56:59 server qmail: 1258876619.407107 starting delivery 25732: msg 19089508 to remote oneflatiron@aol.com
Nov 22 15:56:59 server qmail: 1258876619.407183 status: local 0/10 remote 12/20
Nov 22 15:56:59 server qmail: 1258876619.408313 starting delivery 25733: msg 19089508 to remote onehitsong@aol.com
Nov 22 15:56:59 server qmail: 1258876619.408384 status: local 0/10 remote 13/20
Nov 22 15:56:59 server qmail: 1258876619.409860 starting delivery 25734: msg 19089508 to remote oneixgrunt@aol.com
Nov 22 15:56:59 server qmail: 1258876619.409927 status: local 0/10 remote 14/20
Nov 22 15:56:59 server qmail: 1258876619.411165 starting delivery 25735: msg 19089508 to remote onelowdraggins10@aol.com
Nov 22 15:56:59 server qmail: 1258876619.411242 status: local 0/10 remote 15/20
Nov 22 15:57:01 server qmail: 1258876621.228044 delivery 25731: deferral: 205.188.155.72_failed_after_I_sent_the_message./Remote_host_said:_421-:__(RLY:CH)__http://postmaster.info.aol.com/errors/554rlych.html/421_SERVICE_NOT_AVAILABLE/
Nov 22 15:57:01 server qmail: 1258876621.228134 status: local 0/10 remote 14/20
Nov 22 15:57:01 server qmail: 1258876621.240484 delivery 25728: deferral: 205.188.159.216_failed_after_I_sent_the_message./Remote_host_said:_421-:__(RLY:CH)__http://postmaster.info.aol.com/errors/554rlych.html/421_SERVICE_NOT_AVAILABLE/
*****************************

this is spam mail header
*****************************
Return-Path: <BPOL@poste.it>
Received: from rly-dd07.mx.aol.com (rly-dd07.mail.aol.com [172.19.141.154]) by air-dd04.mail.aol.com (v125.7) with ESMTP id MAILINDD041-b8e4b06f3a43a7; Fri, 20 Nov 2009 14:53:21 -0500
Received: from mydomain.com (mydomain.com [2xx.xxx.xxx.xxx]) by rly-dd07.mx.aol.com (v125.7) with ESMTP id MAILRELAYINDD078-b8e4b06f3a43a7; Fri, 20 Nov 2009 14:53:09 -0500
Received: (qmail 12162 invoked from network); 14 Nov 2009 22:38:18 +0800
Received: from unknown (HELO User) (94.52.185.94)
by mydomain.com with SMTP; 14 Nov 2009 22:38:18 +0800
Reply-To: <BP0L@poste.it>
From: "BPOL@poste.it"<BPOL@poste.it>
Subject: nuova gamma completa di servizi online
Date: Sat, 14 Nov 2009 16:38:07 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AOL-IP: 2xx.xxx.xxx.xxx
Message-ID: <200911201453.b8e4b06f3a43a7@rly-dd07.mx.aol.com>
To:
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by imr-da05.mx.aol.com id nAKL20R7031045
*****************************

ps: i am using qmail

many many thanks for your help

wfh · 11-23-2009, 04:36 AM

As for tracing the origin of spam, good luck. I filter 98% of traffic on one of my servers using SpamAssassin. Spammers are very good at hiding their origins, using compromised hosts, open relays, etc.

It sounds like you have a misconfiguration in qmail.

Start by testing your server and see if it is configured as an open relay:

Mail relay testing