The Planet Forums > How to stop SPAMMER SENDING 5000+mail/Hr. ?

Full Version: How to stop SPAMMER SENDING 5000+mail/Hr. ?

The Planet Forums > Control Panels > cPanel/WHM

dolay

Aug 4 2004, 05:05 PM

there were an account idan.echsun.net amd this user start to spam mails from Adv@idan.echsun.net email .

We have deleted user idan.echsun.net also master domain ecshun.net aslo rm -f '/home/idan/' but still spamming 5000 e-mails per hour by this user since 2 days.

We have exim+clamav+mailscanner installer updated/installed too however it never effect to stop that spam...

Please help us and the world stop this evil. I think there millions of spam mails send to the world

when i "locate idan" to delete related files from the server i see :

/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.576 4.0
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.135 17.1
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.226 33.0
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.306 63.0
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.311 39.0
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.323 65.0
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.160 0.0
/usr/local/cpanel/3rdparty/mailman/locks/adv_idan.echsun.net.lock.dedicated.newista.net.189 7.0
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-1.pck
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-2.pck
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-3.pck
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-4.pck
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-5.pck
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-6.pck
/usr/local/cpanel/3rdparty/mailman/data/heldmsg-adv_idan.echsun.net-7.pck

which are comeback when we delete to.

Also when we try to empty /etc/relayhosts-relayhostsusers file to disable relay for everyone hosted on this server , those files comeback and filled its inside automatically.

Can anyone gues whats happening on this server and how can we stop this.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.