server admins: what to do with undelivered mails from server not sent from server ?

Discussion in 'Web Design and Development' started by dan1eln1el5en, Jan 2, 2015.

  1. dan1eln1el5en macrumors 6502

    dan1eln1el5en

    Joined:
    Jan 3, 2012
    Location:
    Copenhagen, Denmark
    #1
    Any server admins out there ?
    I am running a fairly locally popular server, and since christmasday I've seen a bunch of "undeliverable" e-mails with spam, supposedly send from a user on the server, but the IP address isn't my server.
    what to do ?

    I kind of fear my domain will get a bad reputation from sending spam, but as I can see they aren't sent from the server.
    looks a bit like a zombie bot net, since they reduced in amounts on christmas day and picked up again around 27th-29th (when people are once again back at their infected computers)

    they all carry similar content, but different sent from e-mails and IP addresses.
     
  2. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #2
    What kind of server application are you running? Like Cpanel or anything? Each of my domains has a blackhole account where undeliverables are sent and purged. I also run anti-virus and spam filtering through Cpanel to keep most of the junk out.
     
  3. dan1eln1el5en thread starter macrumors 6502

    dan1eln1el5en

    Joined:
    Jan 3, 2012
    Location:
    Copenhagen, Denmark
    #3
    webmin, mysql and apache.

    the mail server is located on a different server.
    i thought of setting up a catch-all that I would check once in a while, but I am not sure if these mails are from the very secure mail server or the web server
    I've set up the mail server myself, and deliberately didn't install smtp to avoid being a spam sender myself.

    so is it just normal with a bunch of these kind of mails or anything to prevent it ? or track it ?
     
  4. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #4
    Look at the raw source to see where they are really from. If they are from your equipment make sure you have relaying turned off and check the account it's using for a secure password. Change it.
     
  5. 960design macrumors 68020

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #5

Share This Page