26354505 (1, 1/26354505) Return-path: JUNIEHILL@ontop-seo.com From: JUNIE HILL 'JUNIEHILL@ontop-seo.com' To: "rachel 31192 1835" 'rachel.31192.1835@swiftoilandgashouston.aplitrak.com', "michael l sewell" 'michael.l.sewell@ExxonMobil.com', "hr department2010" 'hr.department2010@yahoo.com', "mtoups" 'mtoups@swiftoilandgas.com', "darren harkness" 'darren.harkness@exxonmobil.com', "vacation" 'vacation@beachvillavip.com', "AConnolly" 'AConnolly@fircroft.com', "damita palmer" 'damita.palmer@fluor.com', "joe w sage" 'joe.w.sage@exxonmobil.com', "telinahill" 'telinahill@gmail.com', "marlin" 'marlin@luxuryres.com', "bbrodbeck" 'bbrodbeck@lifetimefitness.com', "lori" 'lori@corporateconnection.net', "greenhilljr" 'greenhilljr@gmail.com', "coolbreezesa" 'coolbreezesa@sbcglobal.net', "daniel villereal" 'daniel.villereal@RNDC-USA.com', "joestexasangel" 'joestexasangel@gmail.com', "jaime" 'jaime@lacasarealtygroup.com', "Jason Gibbons" 'Jason_Gibbons@sterlinghoteldallas.com', "fr reed" 'fr_reed@msn.com' Subject: re: Date: Tue, 30 Dec 2015 01:44:39 +0000 Size: 2740 bytes
MESSAGE NUMBER 26354505 --------------Received: (qmail 2771 invoked by uid 453); 30 Dec 2015 12:44:57 -0000Received: from Unknown (HELO ori-comp.com) (42.119.69.105) (smtp-auth username seo@ontop-seo.com, mechanism plain) by ori-comp.com (qpsmtpd/0.84) with (AES256-GCM-SHA384 encrypted) ESMTPSA; Wed, 30 Dec 2015 14:44:57 +0200Date: Tue, 30 Dec 2015 01:44:39 +0000From: JUNIE HILL To: "rachel 31192 1835" , "michael l sewell" , "hr department2010" , "mtoups" , "darren harkness" , "vacation" , "AConnolly" , "damita palmer" , "joe w sage" , "telinahill" , "marlin" , "bbrodbeck" , "lori" , "greenhilljr" , "coolbreezesa" , "daniel villereal" , "joestexasangel" , "jaime" , "Jason Gibbons" , "fr reed" Message-ID: <8f0eb6ed7a8f$077840c3$ffdd9817$@ontop-seo.com>Subject: re:MIME-Version: 1.0Content-Type: multipart/alternative; boundary="----=_NextPart_000_028D_D00279A9.7C3D604C" X-Virus-Checked: Checked by ClamAV on ori-comp.com
And how to resolve it?
hi and thank you the user "seo" and the domain "ontop-seo.com" are no longer hosted on my server I deleted them two weeks ago and also I changed the all of his dns records to point to godaddy host.but I still get those mails
Check you do not have a backup MX that still finds its way to your server. Spammers will often use the backup MX.
I would check the qpsmtpd log files and find out which IP adress(es) this spam is coming from. Is it internal, from your LAN, or does it come from outside? If it's from outside, you must make sure that your setup doesn't allow relaying.
Connecting to 82.166.61.136220 secureserver.ori-comp.com ESMTP [2486 ms]EHLO PWS3.mxtoolbox.com250-ori-comp.com Hi pws3.mxtoolbox.com [64.20.227.134]250-PIPELINING250-8BITMIME250-SIZE 35000000250 STARTTLS [781 ms]MAIL FROM:<supertool@mxtoolbox.com>250 <supertool@mxtoolbox.com>, sender OK - how exciting to get mail from you! [1000 ms]RCPT TO:<test@example.com>550 relaying denied test@example.com [797 ms]PWS3v2 8174ms
db configuration show qpsmtpdqpsmtpd=service Authentication=enabled BadCountries= Bcc=disabled BccMode=cc BccUser=maillog DNSBL=enabled GeoIP=enabled LogLevel=6 MaxScannerSize=30000000 RBLList=bl.spamcop.net:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:psbl.surriel.com:zen.spamhaus.org RHSBL=enabled RelayRequiresAuth=enabled SBLList=multi.surbl.org:black.uribl.com:rhsbl.sorbs.net TlsBeforeAuth=1 access=public qplogsumm=disabled status=enabled
Received: from Unknown (HELO ori-comp.com) (42.119.69.105) (smtp-auth username seo@ontop-seo.com, mechanism plain)
7 Replies
2737 Views