  #1  
Old 02-05-2015, 05:51 AM
HM666's Avatar
HM666 HM666 is offline
 
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060
Thanks given: 0 times
Thanked 0 times in 0 posts
Bounced Email Woes

Having a severe bounce email problem with a client's site since the host "fixed" their hosting. They "fixed" it by moving them to a bigger more expensive hosting plan which is not working much better than the plan they had before. To make a long story short it never fixed the initial problem that we had to begin with and now the client gets hundreds of bounced emails pretty much every day since the switch.

The hosting company in their infinite wisdom cited that we should turn off the MAILER-DAEMON and that would solve the problem completely. If we just turned this off all our troubles would be over. I'm not so sure about that personally. I think they are idiots personally. This is the information they gave my client on turning it off:

Quote:
This file needs to be edited via ssh command line not via WHM/CPANEL or FTP.

You would add/edit the entry in the /etc/aliases file on the server to read: -

MAILER-DAEMON: /dev/null

This was the extent of the instructions they gave. I really feel this is just a band-aid to a much larger server problem they have. When my client asked them if they would edit it they said they would "do it this time but charge him if they had to do it again". The bounced emails stopped for a couple of weeks and now they are back. When my client emailed them again they said the same thing as above, to edit the file. But didn't they do that already???

So my question to everyone is how do I go about trying to find and fix this problem with the email? How do we find why there are hundreds of bounced emails in this account? What steps should I take? Is it safe to edit this file via SSH? Or is the host full of s***? If it's OK to edit this file via SSH, how do I navigate to it using SSH? It's not that common that I use SSH to design a web site, so I do not know the commands to navigate to files or where they are. And of course there was nothing on the host's site that was remotely helpful.

What I have tried already:

1. Checking the settings in the WHM.
2. Checking the settings in the cPanel.
3. Enabled SpamAssassin.
4. Removed email accounts that seemed wrong that the client did not remember creating.
5. Have done several hours of research online/Google looking for an answer and have found nothing that tells me what I need so far.

Any help would be great! Thanks.
Reply With Quote
  #2  
Old 02-06-2015, 04:41 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Thanks given: 0 times
Thanked 0 times in 0 posts

Make sure they have an SPF and that the MX records are correct, and check the "from" domain is correct. In fact there's lots to check that moving server could have broken. Try out http://www.dnsstuff.com/tools; you have to register for free to use the professional toolset, but it will help you a lot.
Reply With Quote
Thanks from:
RichieBoy67
  #3  
Old 02-06-2015, 09:41 AM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Thanks given: 0 times
Thanked 0 times in 0 posts

As for editing that file, it is not a solution and the file will most likely be overwritten after cPanel/WHM updates.

You will have to set up the mail server/dns according to anti spam regulations.

What do the headers in the bounced emails say?

What do you get in http://mxtoolbox.com ??
Reply With Quote
  #4  
Old 02-07-2015, 06:14 AM
HM666's Avatar
HM666 HM666 is offline
 
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060
Thanks given: 0 times
Thanked 0 times in 0 posts

Thanks, I'll take a look at these on Monday and see. Richie, yeah, I was pretty much thinking the same thing. I really did not think the host's "fix" was gonna fix anything. *sigh*.
Reply With Quote
Thanks from:
RichieBoy67
  #5  
Old 02-10-2015, 02:21 AM
HM666's Avatar
HM666 HM666 is offline
 
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060
Thanks given: 0 times
Thanked 0 times in 0 posts

WOW - digging around in WHM cPanel while waiting for some of the tests to load and to me it looks as if possibly the email account has been hacked. What do you guys think?

I'm in the View Mail Statistics Summary area and under the heading: Top 50 sending hosts by message count I see these hosts as senders I assume:


If this is a hacked situation how do I fix this? I'm used to fixing a hacked vBulletin but not an email server. Shouldn't the freaking host be fixing this crap since they are the ones who ultimately caused it anyways?!?!? I've attached three screens from the site suggested by Simon. I'm not sure what exactly some of that means on those warnings. Where do I make those changes or is that something the host should do?
Attached Images
File Type: jpg screen1.jpg (387.8 KB, 0 views)
File Type: jpg screen2.jpg (303.2 KB, 0 views)
File Type: jpg screen3.jpg (276.1 KB, 0 views)
Reply With Quote
  #6  
Old 02-10-2015, 06:25 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Thanks given: 0 times
Thanked 0 times in 0 posts

I've checked and your DNS is mismatched and your SPF failed too! Your email system is set to NOT relay mails which is a good thing. If your server is compromised at all it must be sending mails direct rather than via another host.

Can you post or PM me an entire header of a suspect mail? You can get it through looking at the mails via WHM.
Reply With Quote
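
An added example, not part of the original posts: one way to read the headers the replies above ask for. It parses a bounce, pulls out the returned original message and checks whether its topmost `Received` line names the client's own server (mail really left the box) or some other host (backscatter from a forged sender). `OUR_HOSTS`, the function name and the sample bounce are assumptions constructed for illustration.

```python
import email
import re
from email import policy
# Assumed identifiers of the client's own mail server (placeholders).
OUR_HOSTS = ("server.client.example", "203.0.113.7")

def triage_bounce(raw: bytes, our_hosts=OUR_HOSTS) -> dict:
    """Classify one bounce by the top Received line of the message it returns."""
    bounce = email.message_from_bytes(raw, policy=policy.default)
    original = None
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # headers-only copy
            original = email.message_from_string(part.get_content(), policy=policy.default)
        if original is not None:
            break
    received = original.get_all("Received", []) if original is not None else []
    if not received:
        return {"verdict": "no-original"}
    # Top Received line: written by the MTA that bounced it, names the real sender.
    top = " ".join(str(received[0]).split())
    ours = any(re.search(r"(?<![\w.])" + re.escape(h) + r"(?!\.?\w)", top, re.I)
               for h in our_hosts)
    return {"verdict": "sent-by-our-server" if ours else "backscatter",
            "from": str(original["From"]), "handed_over_by": top}

# Constructed sample bounce (RFC 3464 layout); every name and address is made up.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.remote.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from dsl-host.invalid ([198.51.100.44]) by mx.remote.example; Tue, 10 Feb 2015 01:00:00 +0000
From: info@client.example

constructed body
--b1--
"""
```

A `backscatter` verdict points at forged senders, which a correct SPF record with `-all` helps receivers reject; `sent-by-our-server` means the outbound logs and the accounts or scripts on the server itself need investigating.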
  #7  
Old 02-10-2015, 10:53 AM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Thanks given: 0 times
Thanked 0 times in 0 posts

Do you use shared hosting? This stuff always happens with shared hosting, some websites get hacked and are then backdoored to be used for email spamming and DDoSing.
Reply With Quote
  #8  
Old 02-10-2015, 01:34 PM
HM666's Avatar
HM666 HM666 is offline
 
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060
Thanks given: 0 times
Thanked 0 times in 0 posts

Quote:
Originally Posted by Dave View Post
Do you use shared hosting? This stuff always happens with shared hosting, some websites get hacked and are then backdoored to be used for email spamming and DDoSing.

Nope, this is on a dedicated server, or at least it's supposed to be. This is one reason why I do not think the host is altogether knowledgeable.
Reply With Quote