port 25 blocked due to spam
#1
My VPS provider has blocked my Port 25 due to spam. I have gone over a few threads in these forums to try and work out what I can do to sort the issue.
It should be noted that I have had the problem before, around 6 months ago. I updated all instances of WordPress that were in use on the server and everything seemed dandy, no more problems until now.

I have just updated them again and deleted the post queue. But I can see that mails are still being generated from one domain in particular. This domain in fact has no CMS in place and is currently just presenting the default Sentora welcome page.

I have run ClamAV on my home dir and nothing was discovered.

I am running the most recent version of Sentora, 1.0.3.

An example of the kind of mail that's being output:
Quote:
*** ENVELOPE RECORDS active/3E7C76EDB3 ***
message_size:            4499             225               1               0            4499
message_arrival_time: Sun Dec 11 16:42:22 2016
create_time: Sun Dec 11 16:42:22 2016
named_attribute: log_message_origin=local
named_attribute: trace_flags=0
sender:
original_recipient: jim@mydomain.com
recipient: jim@mydomain.com
*** MESSAGE CONTENTS active/3E7C76EDB3 ***
regular_text: Received: by myvps.net (Postfix)
regular_text:   id 3E7C76EDB3; Sun, 11 Dec 2016 16:42:22 +0100 (CET)
regular_text: Date: Sun, 11 Dec 2016 16:42:22 +0100 (CET)
regular_text: From: MAILER-DAEMON@myvps.net (Mail Delivery System)
regular_text: Subject: Delayed Mail (still being retried)
regular_text: To: jim@mydomain.com
regular_text: Auto-Submitted: auto-replied
regular_text: MIME-Version: 1.0
regular_text: Content-Type: multipart/report; report-type=delivery-status;
regular_text:   boundary="18E2610EC0C.1481470942/myvps.net"
regular_text: Content-Transfer-Encoding: 7bit
regular_text: Message-Id: <20161211154222.3E7C76EDB3@myvps.net>
regular_text:
regular_text: This is a MIME-encapsulated message.
regular_text:
regular_text: --18E2610EC0C.1481470942/myvps.net
regular_text: Content-Description: Notification
regular_text: Content-Type: text/plain; charset=us-ascii
regular_text:
regular_text: This is the mail system at host myvps.net.
regular_text:
regular_text: ####################################################################
regular_text: # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
regular_text: ####################################################################
regular_text:
regular_text: Your message could not be delivered for more than 4 hour(s).
regular_text: It will be retried until it is 5 day(s) old.
regular_text:
regular_text: For further assistance, please send mail to postmaster.
regular_text:
regular_text: If you do so, please include this problem report. You can
regular_text: delete your own text from the attached returned message.
regular_text:
regular_text:                    The mail system
regular_text:
regular_text: <leonirina@purehumour.com>: connect to purehumour.com[207.148.248.143]:25:
regular_text:     Connection timed out
regular_text:
regular_text: <jonturner@turnerandco.co.uk>: connect to
regular_text:     avas.ergonet.it[149.3.144.155]:25: Connection timed out
regular_text:
regular_text: --18E2610EC0C.1481470942/myvps.net
regular_text: Content-Description: Delivery report
regular_text: Content-Type: message/delivery-status
regular_text:
regular_text: Reporting-MTA: dns; myvps.net
regular_text: X-Postfix-Queue-ID: 18E2610EC0C
regular_text: X-Postfix-Sender: rfc822; jim@mydomain.com
regular_text: Arrival-Date: Sat, 10 Dec 2016 16:07:08 +0100 (CET)
regular_text:
regular_text: Final-Recipient: rfc822; leonirina@purehumour.com
regular_text: Original-Recipient: rfc822;leonirina@purehumour.com
regular_text: Action: delayed
regular_text: Diagnostic-Code: X-Postfix; connect to purehumour.com[207.148.248.143]:25:
regular_text:     Connection timed out
regular_text: Will-Retry-Until: Thu, 15 Dec 2016 16:07:08 +0100 (CET)
regular_text:
regular_text: Final-Recipient: rfc822; jonturner@turnerandco.co.uk
regular_text: Original-Recipient: rfc822;jonturner@turnerandco.co.uk
regular_text: Action: delayed
regular_text: Status: 4.4.1
regular_text: Diagnostic-Code: X-Postfix; connect to
regular_text:     mail.st-hereford.co.uk[81.138.173.102]:25: Connection timed out
regular_text: Will-Retry-Until: Thu, 15 Dec 2016 16:07:08 +0100 (CET)
regular_text:
regular_text: Final-Recipient: rfc822; jbutler@ccs.k12.nc.us
regular_text: Original-Recipient: rfc822;jbutler@ccs.k12.nc.us
regular_text: Action: delayed
regular_text: Status: 4.4.1
regular_text: Diagnostic-Code: X-Postfix; connect to
regular_text:     alt2.aspmx.l.google.com[2404:6800:4003:c02::1a]:25: Network is unreachable
regular_text: Will-Retry-Until: Thu, 15 Dec 2016 16:07:08 +0100 (CET)
regular_text:
regular_text: Final-Recipient: rfc822; product.manager@eurofarm-spa.com
regular_text: Original-Recipient: rfc822;product.manager@eurofarm-spa.com
regular_text: Action: delayed
regular_text: Status: 4.4.1
regular_text: Diagnostic-Code: X-Postfix; connect to avas.ergonet.it[149.3.144.155]:25:
regular_text:     Connection timed out
regular_text: Will-Retry-Until: Thu, 15 Dec 2016 16:07:08 +0100 (CET)
regular_text:
regular_text: --18E2610EC0C.1481470942/myvps.net
regular_text: Content-Description: Undelivered Message Headers
regular_text: Content-Type: text/rfc822-headers
regular_text: Content-Transfer-Encoding: 7bit
regular_text:
regular_text: Return-Path: <jim@mydomain.com>
regular_text: Received: from localhost (unknown [127.0.0.1])
regular_text:   by myvps.net (Postfix) with ESMTP id 18E2610EC0C;
regular_text:   Sat, 10 Dec 2016 15:07:08 +0000 (UTC)
regular_text: X-Virus-Scanned: amavisd-new at myvps.net
regular_text: Received: from myvps.net ([127.0.0.1])
regular_text:   by localhost (mail.myvps.net [127.0.0.1]) (amavisd-new, port 10024)
regular_text:   with ESMTP id vevNUZIcRvNR; Sat, 10 Dec 2016 16:06:48 +0100 (CET)
regular_text: Received: from [127.0.0.1] (unknown [211.43.60.229])
regular_text:   by myvps.net (Postfix) with ESMTPA id 190BC10EC11;
regular_text:   Thu,  8 Dec 2016 19:38:22 +0100 (CET)
regular_text: From: jim@mydomain.com
regular_text: To: leonirina@purehumour.com
regular_text: Cc: ricksterlee@verizon.net
regular_text: Subject: passage happy life
regular_text: Message-ID: <E8CB831C.D1F4D7BC06388AF1@mydomain.com>
regular_text: X-Priority: 3
regular_text: Importance: Normal
regular_text: Date: Thu, 8 Dec 2016 18:38:13 -0800
regular_text: Content-Type: multipart/alternative;
regular_text:  boundary="--InfrawareEmailBoundaryDepth1_30D898B9--"
regular_text: MIME-Version: 1.0
regular_text: X-Mailer: Infraware POLARIS Mobile Mailer v2.5
regular_text:
regular_text: --18E2610EC0C.1481470942/myvps.net--
*** HEADER EXTRACTED active/3E7C76EDB3 ***
*** MESSAGE FILE END active/3E7C76EDB3 ***


Any pointers as to how/where these are being generated?

Cheers - Jim
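Added example, not part of the original posts: one way to triage a queue dump like the one quoted in post #1 is to walk the Received chain of the undelivered message and flag any hop that Postfix recorded as ESMTPA or ESMTPSA (the client passed SMTP AUTH) from a non-loopback address, which separates mail submitted through a mailbox login from mail generated by a script on the server. The function names are hypothetical and the sample lines are copied from that dump.

```python
import ipaddress
import re

# Received headers copied from the "Undelivered Message Headers" part of the dump above.
SAMPLE = """\
regular_text: Received: from localhost (unknown [127.0.0.1])
regular_text:   by myvps.net (Postfix) with ESMTP id 18E2610EC0C;
regular_text:   Sat, 10 Dec 2016 15:07:08 +0000 (UTC)
regular_text: Received: from myvps.net ([127.0.0.1])
regular_text:   by localhost (mail.myvps.net [127.0.0.1]) (amavisd-new, port 10024)
regular_text:   with ESMTP id vevNUZIcRvNR; Sat, 10 Dec 2016 16:06:48 +0100 (CET)
regular_text: Received: from [127.0.0.1] (unknown [211.43.60.229])
regular_text:   by myvps.net (Postfix) with ESMTPA id 190BC10EC11;
regular_text:   Thu,  8 Dec 2016 19:38:22 +0100 (CET)
"""

# One hop as written in the dump: from HELO ([rdns] [client-ip]) by HOST ... with PROTO
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)\s.*?\bwith\s+(?P<proto>\w+)")

def unfold_headers(dump):
    """Strip the 'regular_text:' prefix and join folded (indented) header lines."""
    text = re.sub(r"^regular_text: ?", "", dump, flags=re.M)
    return re.sub(r"\n[ \t]+", " ", text).splitlines()

def received_hops(dump):
    """Return one dict per parseable Received header, in the order they appear."""
    hops = []
    for header in unfold_headers(dump):
        m = HOP.search(header) if header.lower().startswith("received:") else None
        if not m:
            continue
        ip = m["ip"][5:] if m["ip"].startswith("IPv6:") else m["ip"]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:  # client address not recorded as an IP literal
            loopback = False
        hops.append({"helo": m["helo"], "ip": ip, "by": m["by"], "proto": m["proto"], "loopback": loopback,
                     "authenticated": m["proto"].upper() in ("ESMTPA", "ESMTPSA")})
    return hops

def authenticated_remote_hops(dump):
    """Hops where a non-loopback client passed SMTP AUTH (a mailbox login, not a local script)."""
    return [h for h in received_hops(dump) if h["authenticated"] and not h["loopback"]]

if __name__ == "__main__":
    for hop in authenticated_remote_hops(SAMPLE):
        print(f"{hop['ip']} submitted via {hop['proto']} to {hop['by']} (HELO {hop['helo']})")
```

Any address it reports can then be searched for in the mail log to find the SASL login that was used for the submission.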
#2
RE: port 25 blocked due to spam
Actually, I've just run a scan on / as opposed to /home and it's found loads!
Here's a slice:
Quote:
/var/sentora/vmail/mydomain.com/jim/cur/1471268924.M774576P18239.myvps.net,S=48391,W=49090:2,: Doc.Dropper.Agent-1619413 FOUND
/var/sentora/vmail/mydomain.com/jim/cur/1471268924.M774576P18239.myvps.net,S=48391,W=49090:2,: Removed.
/var/sentora/vmail/mydomain.com/jim/cur/1471448859.M585418P13283.myvps.net,S=67886,W=68830:2,: Doc.Dropper.Agent-1631336 FOUND
/var/sentora/vmail/mydomain.com/jim/cur/1471448859.M585418P13283.myvps.net,S=67886,W=68830:2,: Removed.
/var/sentora/vmail/mydomain.com/jim/cur/1471448994.M79981P13299.myvps.net,S=68160,W=69108:2,: Doc.Dropper.Agent-1624405 FOUND
/var/sentora/vmail/mydomain.com/jim/cur/1471448994.M79981P13299.myvps.net,S=68160,W=69108:2,: Removed.
/var/sentora/vmail/mydomain.com/jim/cur/1471449473.M795831P13384.myvps.net,S=67754,W=68696:2,: Doc.Dropper.Agent-1624013 FOUND
/var/sentora/vmail/mydomain.com/jim/cur/1471449473.M795831P13384.myvps.net,S=67754,W=68696:2,: Removed.
/var/sentora/vmail/mydomain.com/jim/cur/1471449564.M617982P13397.myvps.net,S=67756,W=68698:2,: Doc.Dropper.Agent-1624013 FOUND
/var/sentora/vmail/mydomain.com/jim/cur/1471449564.M617982P13397.myvps.net,S=67756,W=68698:2,: Removed.
How do these things get on there?

Jim