Security :: Ip Is Blocked For Sending Spam
Nov 18, 2010
We have spam in our network. We installed antivirus on all our systems and cleaned the virus from all PCs. After that I removed my IP from the database of blocked IPs, but my IP is still blocked for sending spam. I don't know from which PC the spam is going out to the internet.
So I have a question: my proxy server is Red Hat Linux, and as a newbie I don't know the commands to find out which PC is creating large bandwidth to the internet. If you tell me the command to see which PC is sending spam, then I will discard that PC. Also, I want a strong firewall to stop spam activities.
Apr 30, 2009
I just setup SpamAssassin and what not following this tutorial
[URL]
I am using CentOS 5.3. I was half way through that and got an email that had ***SPAM*** in the subject. Haven't received any more. First of all I want to know if spam will still get delivered, and just have a modified subject. Second, I want to know how to set it up so Spam goes to a user's spam mailbox (Virtual Users). And third of all, is it possible to disable spam filtering on a user basis, preferably using MySQL tables? Is it possible for users to mark a message as spam, and all further messages sent from that address will be sent to spam folder but only for that user?
EDIT: Yes, spam is getting delivered with a modified header. On the server site, how can I deliver to the spam folder? How do I create IMAP virtual mailboxes on request without having to send an email to them first? Using virtual users with Courier IMAP.
Jul 3, 2011
We have a VPN that is accessible to anyone. We already block ports 25, 587 and 465, but I am still receiving spam reports. I believe that the users of my VPN are infected by a virus or something that sends spam. Are there any other ways that spammers send spam mails without using the SMTP ports?
My guess is that they are trying to send it by accessing a webmail. Have you heard of anything like that? How to block spam?
Oct 16, 2010
I just saw that my network is slowed, so I watched /var/log/squid/access.log, where I get this line continuously....
[Code]....
I thought that someone was running a script, so I disconnected all my LAN connections (simply removed the local LAN cable), but I saw the connections still going on.... So I watched the processes on the proxy server, but nothing suspicious.... So I changed my static IP and the spamming stopped (I say it is spam because the IP 203.188.197.10 is of yahoomail.com), but when I put my OLD IP back the connections start again...... I want to put back my old static IP because I have configured it for many services. Is there any spyware on my machine, or has someone configured my IP?
Jul 18, 2011
I'm using the latest version of Thunderbird, and can receive messages OK but can't send.
It just says "sending....." and nothing else. Yesterday I left it for over an hour - nothing happens.
I've been advised it may be with my firewall (I do not remember setting one up on this PC - my other PC broke the last few days ago).
Q1. How do I know if I have a firewall installed on Ubuntu?
Q2. How do I tell it to allow Thunderbird to send?
Q3. Any other reason why Thunderbird may be blocked from sending? (The server settings on Thunderbird are OK.)
Mar 4, 2011
The mail server keeps getting locked up with tens of thousands of spam emails. So, I followed some instructions similar to this: [URL] I can clear the queue spams, easy, but after an hour or so the server is dead again... not receiving emails and not sending out emails.
Code:
Received: (qmail 356 invoked by uid 509); 4 Mar 2011 21:39:10 +0800
Received: from 125.110.124.51 by host1.wemotor.com (envelope-from <oiazfkdvd@yahoo.com.tw>, uid 508) with qmail-scanner-1.25-st-qms
Received: from unknown (HELO 202.46.116.119) (125.110.124.51)
[code]....
Sep 29, 2010
All the emails I send from my linux server end up in the recipient's spam folder....Although I have tried many howtos etc and checked all blacklists... It doesn't work...
Dec 26, 2010
When I run
Code:
I sometimes see
Code:
So I'm wondering if this means my Ubuntu server box is being used for spam or something? There are no other (human) users on the computer and I don't use it to send mails.
I've run
Code:
In paranoia, but still when I run
Code:
I get
Code:
And sometimes
Code:
Just thought I should ask before starting the tedious process of reinstalling and restoring the system.
Mar 8, 2010
I, as many here, have friends on different IM accounts (and btw, so great that we have Pidgin and Empathy and don't have to deal with 3 different pieces of software to talk to them) and of all that I have... which are not so many... one of them sends me spam, not all the time, but it happens and I kind of feel sorry for her, so I'd like to see if there's a way for her to retake control of her account or if she can't do anything at all with it.
I have other friends on MSN but I get spam only from her, and she's given up on how to fix it because she doesn't know how to. I did a search (and keep looking for more on the web) and so far it doesn't look promising (but that is also because I don't know what else to do). The problem is I get messages which I know for sure are spam, because her English is more limited and the messages are very polished in that regard.
I got this from another discussion elsewhere: "troutbot = These bots get your IM from scraping the Internet screenname and connect you randomly to someone else. While you're talking to the troutbot, they're just an intermediary connecting you to some other guy who also had his IM scraped." So far the times I get spam... the other side never answers, but if my friend is online she can. I thought that on these IM services... if you are logged in nobody else can log in with your username/password...
Jan 24, 2011
We operate a small ISP and are currently using a Debian distro as our gateway server. Recently we have had an increased number of spam issues with customers (not them sending it directly, rather the customer getting infected with a virus/malware and then their computer becoming a bot). I'd like to set up another gateway of sorts to sit after our authentication gateway but before our backbone to provide spam filtering (and hopefully virus filtering) for any traffic passing through which might be email. I've tried searching for any Linux-based software which would suit, but I'm coming up empty.
Surely there's something already out there which can perform this task. Finally, just to clarify, I'm not talking about spam filtering for email accounts we host ourselves (this is built into our mail server); I'm talking about spam originating from customers' PCs which is passing through our gateway (but not our mail server).
May 3, 2010
After reading everything that says you don't need an anti-virus for Linux, or that Linux doesn't get viruses: guess what, I have a virus. I don't know which one, but it is sending out spam emails from my webmail, MSN, account. I do not have a local client installed. I am guessing it is linking into MSN through Pidgin, getting the addresses there, and sending the spam, somehow, through MSN. Actually one MSN and one Hotmail account. I also have not been able to find an anti-virus program for Ubuntu. There do not seem to be any listed in the software repositories that Ubuntu links into. How do I get rid of it? My contacts are starting to get upset.
Jan 25, 2010
Take a peek at this:
Code:
Jan 23 20:15:01 localhost CRON[22629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 23 20:15:01 localhost CRON[22629]: pam_unix(cron:session): session closed for user root
[code]....
Sep 21, 2010
Is there any way I can ssh/rdp/telnet into my server from the outside, bypassing Comcast ALL blocked ports?
Oct 7, 2010
I have a server with a couple of sites on it. Some of them have a webform where people can send them emails that they are interested in their work etc., though the "To:" and "From:" address can't be changed by the end user; you can only enter text and press send. However, it seems that someone (not on the server) has found a hole/exploit to use those webforms to send mails to whoever he wants. I have the webserver set up with ssmtp (simple smtp) and it just forwards the mail sent from the server to my mail server, and from there it sends it out on the internet. If I check my log on the mail server I can see the whole SMTP session, where it's coming from and where it's going etc. I see that it comes from my webserver, and over there I only have these log entries:
Oct 6 22:04:47 ettan2 sSMTP[1771]: Sent mail for itaumail@itau.com.br (221 2.0.0 Bye) uid=204 username=torget outbytes=3290
There are loads of those log entries, mostly after office hours between 17:00 and 7:00. I have scanned through all the Apache logs and can't find anything that points to the e-mail addresses used or something like that. The reason I found this out was because he tries to send to a host that doesn't allow connections on port 25, so all the mails got stuck in the queue, over 1000 atm. I'm using Apache 2.2 and Postfix 2.6 on a Debian Lenny install. What can I do to find out how he's doing this and close the "exploit"? Who would you recommend to setup the mail() thing in PHP for most security?
Jun 7, 2011
I've setup the Uncomplicated Firewall (UFW) on Ubuntu 10.04 LTS and blocked an IP address. UFW status shows that the firewall is active and the IP in question is denied. The issue is that I'm seeing the blocked IP address in my Apache logs.
Jun 18, 2009
If I use my current iptables firewall settings, my PHP includes from my own site get blocked by the firewall. If I use accept all TCP and UDP it still does not work. If I use a default policy of accept all, then the PHP includes work, which is not safe. I am running a Drupal 6 site on a CentOS 5.3 VPS with Apache 2.2.0 and PHP 5.2.6 w/ safe mode on. Here is my current iptables configuration.
Quote:
Chain VZ_FORWARD (1 references)
target prot opt source destination
Chain VZ_INPUT (1 references)
target prot opt source destination
[code]....
Mar 11, 2010
I have installed MoBlock as instructed here: [URL]
After installation I created my own list file in /etc/blockcontrol/custom-blocklist.p2p and have the following uncommented at the bottom of /etc/blockcontrol/blocklists.list:
Code:
locallist /etc/blockcontrol/custom-blocklist.p2p
The list contains the following 2 entries:
Code:
Yahoo:98.137.149.56
Google:74.125.47.147
When I do:
[Code].....
Recently I just noticed that the locallist rules seem to have no effect. I will always get "destination port unreachable" even if the locallist entry in blocklists.list is commented out.
However, whenever I try to browse to that IP, even when blockcontrol is on, even by typing the IP into Konqueror (not the domain name), it lets me go there every time. How can I know that my other applications will not do the same thing? How can I lock this down and test it empirically to be sure?
Sep 17, 2010
I don't know if this is the right place to ask, but I must ask some questions. Here's my problem. I'm a student in high school, and here we use the Linux (Ubuntu) OS. Every classroom has like 30 PCs connected with the main computer (the teacher's one), so.... 3 days ago we were forbidden access to some websites; it says "This domain is Blocked". By the way, the Linux version installed is 7.04 (Feisty Fawn). I tried disabling cookies; that did not work. I also tried to whitelist some websites; that also didn't work out.
Feb 26, 2010
I followed this How To (https://help.ubuntu.com/community/Postfix) in order to add SMTP authentication to my Postfix installation used as a spam filter for my Exchange server, and it seems all OK; the only thing that I don't understand is where I list all the users (with passwords) that I authorize to send mail through my server...
Mar 17, 2010
On April 10, 2010, I upgraded some packages on my Ubuntu 9.04 server. This included an upgrade to "ufw 0.27-0ubuntu2". I rebooted the server, and all appeared to be fine.
Now I've noticed that UFW is not logging blocked packets since that reboot. It used to do this. It is still logging the allowed packets that I've configured it to log.
Here's what a "ufw status verbose" says code...
Dec 8, 2010
I come to Ubuntu with the notion that it is much more secure than Windows. In XP I had an anti-virus, a third-party firewall and sundry software against spybots, rootkits etc. The antivirus blocked suspicious web pages while browsing. I generally avoided public networks, carrying a portable internet device. Do I need similar stuff with Ubuntu?
Aug 25, 2009
I currently have the following email server set up:
Postfix with mysql backend
Dovecot
clamav
spamassassin
amavisd
And it all works great. However I would like it for amavisd to forward all the marked spam into a folder on each user account, but I cannot figure this out.
Jul 26, 2010
On my website/blog I've gotten a couple of comments having what seems to be regular content (name, mail, message), but where the sender website field is set to "http://Yourwebsite". I find it strange that two comments from separate individuals fill the sender website field with this text. Is it possible to find out if these comments are spam or not? Based on the messages alone they don't seem to be, even though it is possible. From what I know, the comments code doesn't enter this value by default.
Jun 29, 2010
Currently I'm having a problem with a box which keeps sending spam all over the world. Yesterday we upgraded some Drupal modules (which can send email), and the spam quantity reduced. But still some spam keeps going out from our server. Some of them even have attachments.
Some of them are sent using accounts that never existed on our server (e.g. strager@mydomain.com), and some of them are from 'nobody'. What to check, or where to look? I've checked the MX records and there were no strange forwarders. Really stuck here...
Jul 29, 2009
When I get on the internet with Mozilla I am getting advertising that mentions the city I live in. How is that information being sent from my computer and how can I stop it? Is this in a file I can edit or delete?
Apr 13, 2010
I've got a strange problem. I have a number of Linux boxes - main running Gentoo, a couple of others running Mint and a new one running Kubuntu 9.10. All, except the new one, connect to my hosted remote server through FTP, FISH or SSH without any problem. However, the new machine will connect to my remote server, via FISH, but then gets immediately disconnected. I have discovered, via my hosting company, that it is flooding the connection, and looking in my router log I can see:
Quote:
1. 2010.04.13 03:24:42 **SYN Flood to Host** 10.10.xxx.xxx, 38299->> 209.85.xxx.xxx, 80 (from ATM Outbound)
If I connect first through SSH on this machine it is fine and I can navigate through the remote filesystem. If I connect through FISH using either Konqueror or Dolphin, I get an initial file listing and then the remote firewall kicks in and blacklists my IP address for half an hour. Does anyone have any ideas why this may be happening? Once I'm blacklisted I cannot make any connection, from any machine on my external IP address - whether it is HTTP, FTP, SSH.
Apr 13, 2010
I'm using CentOS 5.4 for a data server, where I have shared a directory to store data. I want, whenever the owner of that data deletes anything from the directory, the system to send me a mail with logs of that deletion action, with details something like below:
1- IP of the system from where the owner accessed the server and deleted the data.
2- Date, time and name of the file with path.
These logs should be sent to me by email automatically.
Jul 17, 2009
In my network I have 25 workstations and some servers. Everything is working in a local LAN with a firewall. The problem is that on one machine (I don't know which one) software is installed which is sending data to the internet. Actually I don't know what it is. Last time, as I remember, it was a trojan which can create new network interfaces in Windows and send some data to the internet. Half the speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen to/capture some traffic and analyze from which machine I have more connections?
Please take a look on this time. Instead of 141-150ms should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only Linux and a keyboard?
Aug 19, 2009
I configured sendmail with SquirrelMail in RHEL 5.3.
It is working fine. I can send and receive mail.
But when I try to send mail, an SELinux error comes up [but the mail is sent successfully]. I don't understand this message.
Quote:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll (httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ(url) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (url) against this package.
Additional Information:
Source Context system_u:system_r:system_mail_t
Target Context system_u:system_r:httpd_t
Target Objects eventpoll [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
code....
Jun 13, 2011
I just got control over a server that was hacked several months back. The other day we started receiving rejected emails, sent from my server to a Yahoo email address that is no longer active, that contained users' login information. I am trying to find the process that is sending these emails. So far it's been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent, so there must be a local file that contains this information. I have tried using grep and find without any luck.