-2

I have a server running ISPConfig 3.1.2 which hosts roughly 8 sites (some WordPress, some custom).

Over the last month I have been receiving spam email from the server host name. So for example I have a server called server3.myserver.co.uk. I have never set any email accounts up with this domain but emails are coming through from Samuel@server3.myserver.co.uk and Justin@server3.myserver.co.uk.

These emails are typically trying to sell Male Pills. An example subject would be 'Male Pills Review & Advice'.

I have tried to see if my server has an open relay, which it doesn't. I have also searched through logs and emails using grep and the spam email address and cannot find the source of the problem.

Can anybody help me with a next step to try?

I have added an example email header if this helps.

Return-Path: <urlpoesx@heijmans.nl>
Delivered-To: jason@mywebsite.co.uk
Received: from localhost (localhost.localdomain [127.0.0.1])
        by ks3.myhosting.co.uk (Postfix) with ESMTP id 634971A40231
        for <jason@mywebsite.co.uk>; Sun, 15 Jan 2017 12:58:58 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at ks3.myhosting.co.uk
X-Amavis-Alert: BAD HEADER SECTION, Missing required header field: "Date"
Received: from ks3.myhosting.co.uk ([127.0.0.1])
        by localhost (ks3.myhosting.co.uk [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 5r6uaFTvDmKE for <jason@mywebsite.co.uk>;
        Sun, 15 Jan 2017 12:58:55 +0000 (GMT)
Received: from heijmans.nl (unknown [61.182.116.30])
        by ks3.myhosting.co.uk (Postfix) with ESMTP id E39291A4022D
        for <jason@mywebsite.co.uk>; Sun, 15 Jan 2017 12:56:45 +0000 (GMT)
X-Message-Info: 1jHVeH08Utdgiu2vViM0IP3sZghafT51
Received: from dns4.heijmans.nl ([172.54.74.57]) by hw0-a5.heijmans.nl with Microsoft SMTPSVC(5.0.2195.6824);
        Sun, 15 Jan 2017 04:50:58 -0800
Received: from zsl.heijmans.nl [127.0.0.1] by dns5.heijmans.nl
     (SMTPD32-7.12 ) id HX082315D5; Sun, 15 Jan 2017 04:50:58 -0800
Subject: Effective male enhancement
From: Justin@ks3.myhosting.co.uk
To: jason@mywebsite.co.uk
Message-Id: <853057187136552.WF62685@lfvl.heijmans.nl>
Content-Type: text/html;;
Content-Transfer-Encoding: 7Bit
Date: Sun, 15 Jan 2017 12:58:58 +0000 (GMT)

Jason
  • 9
  • 4
  • 1
    I'm voting to close this question as off-topic because it does not appear to be about programming within the scope defined in the help center. – jmoerdyk Mar 03 '17 at 22:09

2 Answers

0

You can spoof the sender's id of an email.
There is a possibility that a scammer just spoofs the sender id of your server while he is not even connected to it.
Face it - scamming can be a real pain.

Of course, don't take this answer for granted; better dig deeper into the server and control every possible entrance.

clockw0rk
  • 576
  • 5
  • 26
0

Spamming and faking someone's email is often easier than you think. I just don't think it's good to point out how to do this here. You can see the sender's IP address. So if the IP doesn't match your IP, you can be sure that you aren't hacked or something. To see the sender's IP, visit here

FarhadGh
  • 134
  • 11
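
The check both answers point to, run over the header from the question, as an added example that is not part of the original post or answers: it walks the Received lines from the top, trusts only those stamped by the asker's own server, and reports the first non-loopback peer. The function names and the MY_HOSTS set are assumptions made for this sketch; Received lines in a different layout (for example Postfix's `IPv6:` prefix) are skipped.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines copied from the question, trimmed to the fields used here.
RAW = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
        by ks3.myhosting.co.uk (Postfix) with ESMTP id 634971A40231
        for <jason@mywebsite.co.uk>; Sun, 15 Jan 2017 12:58:58 +0000 (GMT)
Received: from ks3.myhosting.co.uk ([127.0.0.1])
        by localhost (ks3.myhosting.co.uk [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 5r6uaFTvDmKE for <jason@mywebsite.co.uk>;
        Sun, 15 Jan 2017 12:58:55 +0000 (GMT)
Received: from heijmans.nl (unknown [61.182.116.30])
        by ks3.myhosting.co.uk (Postfix) with ESMTP id E39291A4022D
        for <jason@mywebsite.co.uk>; Sun, 15 Jan 2017 12:56:45 +0000 (GMT)
Received: from dns4.heijmans.nl ([172.54.74.57]) by hw0-a5.heijmans.nl with Microsoft SMTPSVC(5.0.2195.6824);
        Sun, 15 Jan 2017 04:50:58 -0800
From: Justin@ks3.myhosting.co.uk
To: jason@mywebsite.co.uk

"""
MY_HOSTS = {"ks3.myhosting.co.uk", "localhost"}  # assumption: names our MTA stamps

# "from <helo> (<rdns> [<ip>]) by <host>", the layout Postfix writes.
HOP = re.compile(r"from\s+(\S+)\s+\((.*?)\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def entry_hop(raw, my_hosts):
    """Return (helo, peer_ip) where our MTA took the message from a
    non-loopback peer, or None if it never arrived from outside."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        helo, _, ip, by = m.groups()
        if by.lower() not in my_hosts:
            break  # stamped by another server: sender-controlled from here down
        if not ipaddress.ip_address(ip).is_loopback:
            return helo, ip
    return None

def classify(raw, my_hosts):
    """Label a message by where it entered and what its From: claims."""
    from_domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    hop = entry_hop(raw, my_hosts)
    if hop is None:
        return "local-origin", None  # generated on this host: audit web apps, cron
    label = "forged-from" if from_domain.lower() in my_hosts else "inbound"
    return label, hop[1]
```

For the question's message this yields `forged-from` with peer 61.182.116.30: the mail was delivered to the server from outside and only its From: line names the server's hostname.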