Our System Has Detected An Unusual Rate of Unsolicited Email

Discussion in 'Gmail' started by Big Dan, Jul 31, 2010.

  1. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    I've gotten about 500 of these bounce messages in the past 3 days. A catch-all for odjt.com is forwarding into my Gmail account. peggy@odjt.com doesn't actually exist. Being a four-letter .com it gets spoofed quite frequently.

    The thing is this time it appears to be saying my server IP is blocked however I'm still receiving my regular email through that server at Gmail without issue. I poked around and it doesn't appear that my server has been compromised.

    Wouldn't Google see that the mail isn't originating from my server's IP only being received at it?

     


  2. caliman

    caliman New Email

    Hi Dan - I am glad to find your post. I have received about 200 emails in the last few days very similar to yours.

    Have you found anything out about it yet?
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Yikes, catchalls are evil. What do your logs say for the mails forwarding for your domain to Gmail? There are two primary issues. The first is joe jobs where spammers use your From: on their spams so you get the bounces. The second is dictionary attacks. If a spammer tries tens of thousands or more addresses at your domain they are all going to forward to Gmail. At the very least I'd remove the catchall, check your logs, and go from there.

    -Raymond
     
  4. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    Don't beat me for being stupid but where would my logs be in the filesystem?
     
  5. popowich

    popowich EQ Forum Admin Staff Member

    It depends on your MTA and any logging specific configurations you made.

    What MTA does your hosting use? Trying /var/log is a reasonable place to start. Do you have a syslog into maillog in there?
     
  6. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    I know WHM (Web Host Manager) keeps logs but I don't know for how long. I'm 99% sure the server is using EXIM. WHM emails me every day and tells me what email is sending - I've seen nothing but vBulletin via PHP so I doubt my server has been compromised. I have a firewall installed which emails me any time someone logs in via ssh. I really think it's just a joe job and Gmail is pissed it's getting all sorts of bounce messages. With the catchall gone it should clear itself up.

    I'll poke around for the logs in the morning and email you a dump if you don't mind.

    I appreciate the help. :)

    Thanks,
    Dan
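
The log check suggested in the thread, as an added example that is not part of the original posts: a Python script that reads Exim mainlog arrival (`<=`) lines and separates null-sender bounces to unknown addresses (joe-job backscatter) from hosts trying many unknown addresses (dictionary attack). The sample lines, hosts, IPs and the `triage` helper are constructed, and it assumes Exim's `received_recipients` log selector is enabled.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim mainlog arrival ("<=") format; hosts, IPs and
# message ids are invented. Assumes the received_recipients log selector is on,
# so each arrival line ends with "for <recipient> ...".
SAMPLE_LOG = """\
2010-07-30 09:12:01 1OexAa-0001Ab-01 <= <> H=mx1.example.net [192.0.2.10] P=esmtp S=3120 for peggy@odjt.com
2010-07-30 09:12:07 1OexAb-0001Ac-02 <= <> H=mx2.example.org [198.51.100.7] P=esmtp S=2987 for peggy@odjt.com
2010-07-30 09:13:44 1OexAc-0001Ad-03 <= <> H=mail.example.com [203.0.113.5] P=esmtp S=4410 for peggy@odjt.com
2010-07-30 09:20:15 1OexAd-0001Ae-04 <= friend@example.com H=mail.example.com [203.0.113.5] P=esmtp S=1802 for dan@odjt.com
2010-07-30 09:31:02 1OexAe-0001Af-05 <= x1@example.net H=host.example.net [192.0.2.99] P=smtp S=900 for aaron@odjt.com
2010-07-30 09:31:03 1OexAf-0001Ag-06 <= x2@example.net H=host.example.net [192.0.2.99] P=smtp S=905 for abby@odjt.com
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*? for (?P<rcpts>.+)$")
HOST_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def triage(log_text, domain, known_users):
    """Summarise catch-all traffic for `domain` from Exim arrival lines."""
    bounces = Counter()          # unknown local part -> null-sender arrivals
    guesses = defaultdict(set)   # sending IP -> unknown local parts it tried
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        ip = HOST_IP.search(line)
        for rcpt in m["rcpts"].split():
            local, _, dom = rcpt.lower().partition("@")
            if dom != domain or local in known_users:
                continue         # other domain, or a mailbox that really exists
            if m["sender"] == "<>":
                bounces[local] += 1              # bounce for a forged From: address
            elif ip:
                guesses[ip.group(1)].add(local)  # ordinary sender hitting unknown users
    return bounces, {ip: sorted(names) for ip, names in guesses.items()}

if __name__ == "__main__":
    bounces, guesses = triage(SAMPLE_LOG, "odjt.com", {"dan"})
    print("null-sender bounces per unknown address:", dict(bounces))
    print("unknown addresses tried per sending IP:", guesses)
```

Many bounces concentrated on one nonexistent address point to a joe job; one IP working through many different unknown local parts points to a dictionary attack.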
     
