Spam from my server

Question

I have exim and dovecot on my server installed with directadmin. Some users use it to send spam.

How can i disabled this and remove my server from abuse.

info from mainlog

2010-07-07 13:00:16 1OWSEF-0002aw-Gh => info F= R=virtual_user T=virtual_localdelivery S=2252 2010-07-07 13:00:16 1OWSEF-0002aw-Gh Completed

and from message headers

1OWSbZ-000315-FM-H
mail 8 8
<ishasanya@hotmail.com>
  1278501353 0
  -helo_name snt0-omc1-s49.snt0.hotmail.com
  -host_address 65.54.61.86.43647
  -host_name snt0-omc1-s49.snt0.hotmail.com
  -interface_address xxx.xxx.xxx.xxx
  -received_protocol esmtp
  -body_linecount 32
  -max_received_linelength 405
  -deliver_firsttime
  XX
  1
  info@****.com

  216P Received: from snt0-omc1-s49.snt0.hotmail.com ([65.54.61.86])
  by xxx.xxx.xxx.xxx with esmtp (Exim 4.69)
  (envelope-from <ishasanya@hotmail.com>)
    id 1OWSbZ-000315-FM
    for info@****.com; Wed, 07 Jul 2010 13:15:53 +0200
    147P Received: from SNT101-W13 ([65.55.90.9]) by snt0-omc1-s49.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Mon, 5 Jul 2010 04:49:07 -0700
    058I Message-ID: <SNT101-W139D12A2ED9AE344214C04B8B10@phx.gbl>
      035* Return-Path: ishasanya@hotmail.com
      088  Content-Type: multipart/alternative;
      boundary="_98a72e16-f4ad-4040-b007-d6c101b0731b_"
      036  X-Originating-IP: [182.114.208.252]
      045F From: isaac shasanya <ishasanya@hotmail.com>
        028T To: <info.sto.pl@stoeu.com>
          059  Subject: =?gb2312?Q?Dear_Frien?= =?gb2312?B?ZDog0OnS4L+o?=
          037  Date: Mon, 5 Jul 2010 11:49:07 +0000
          019  Importance: Normal
          018  MIME-Version: 1.0
          084  X-OriginalArrivalTime: 05 Jul 2010 11:49:07.0384 (UTC) FILETIME=[13115380:01CB1C38]

[Administration panels are off topic](http://serverfault.com/help/on-topic). [Even the presence of an administration panel on a system,](http://meta.serverfault.com/q/6538/118258) because they [take over the systems in strange and non-standard ways, making it difficult or even impossible for actual system administrators to manage the servers normally](http://meta.serverfault.com/a/3924/118258), and tend to indicate low-quality questions from *users* with insufficient knowledge for this site. — HopelessN00b, Apr 03 '15 at 17:02

score 1 · Answer 1 · answered Jul 30 '10 at 22:16

It looks this is an inbound email. It's not sent from your server, but from hotmail.com

Received: from snt0-omc1-s49.snt0.hotmail.com

Look the direction, the email was sent to the user info.., I guess it means info.sto.pl@stoeu.com and it is your user, right?

OWSEF-0002aw-Gh => info

045F From: isaac shasanya 028T To:

score 0 · Answer 2 · answered Jul 07 '10 at 15:54

0

How about spam filters?

http://marc.merlins.org/linux/exim/sa.html

http://johannes.sipsolutions.net/Projects/dovecot-antispam

answered Jul 07 '10 at 15:54

James Santiago

876
5
11

score 0 · Answer 3 · answered Jul 17 '10 at 11:02

0

Use an Outbound Email Security service. This will make sure that your users cannot mis-use your server to send SPAM.

answered Jul 17 '10 at 11:02

Srikrishnan Chitoor

499
2
2

score 0 · Answer 4 · answered Jul 28 '10 at 09:01

0

If they target your users with Spam, install a Spam filter (as in James Santiago's post)

If your server is being used to send spam to other users you might be running an open relay.

answered Jul 28 '10 at 09:01

ndrix

199
3

+1 - I agree check that your only serving mail for authorised users! – JamesK Jul 28 '10 at 14:57

Spam from my server

4 Answers4