postfix – How to Trace Who was Using my Mail Relay on Spamming?

I have a Postfix mail relay server running as Exchange smarthost as well as hosting another mail locally.

Last week I observed an attack on this server, someone is using it to send massive emails to different destinations.

I can’t find out where it is connected from and the “from” address is also masked.

Below is the mail logs:

Apr 16 06:29:10 mail.xxx.com postfix/qmgr(25497): EC5A91D727: from=<>, size=3096, nrcpt=1 (queue active)
Apr 16 06:29:10 mail.xxx.com postfix/bounce(12183): B37D31D6FA: sender non-delivery notification: EC5A91D727
Apr 16 06:29:10 mail.xxx.com postfix/qmgr(25497): B37D31D6FA: removed
Apr 16 06:29:11 mail.xxx.com postfix/smtp(12164): 1A9B71D801: to=<xxx@inver**.com>, relay=inver**.com(164.138.x.x):25, delay=50, delays=39/0/6.7/5, dsn=2.0.0, status=sent (250 OK id=1lX6jh-000875-TC)
Apr 16 06:29:11 mail.xxx.com postfix/qmgr(25497): 1A9B71D801: removed
Apr 16 06:29:11 mail.xxx.com postfix/smtp(11990): 3BEAB1D9C3: to=<xxx@tms**.pl>, relay=tms**.pl(194.181.x.x):25, delay=49, delays=37/0/6.7/5.4, dsn=2.0.0, status=sent (250 OK id=1lX6ji-000469-QT)
Apr 16 06:29:11 mail.xxx.com postfix/qmgr(25497): 3BEAB1D9C3: removed
Apr 16 06:29:12 mail.xxx.com postfix/smtp(12954): 418621D80D: to=<xxx@medi**.com.cn>, relay=mxw**.com(198.x.x.x):25, delay=51, delays=38/0/8.5/4.5, dsn=5.0.0, status=bounced (host mxw.mxhichina.com(198.11.189.243) said: 551 virus infected mail rejected (in reply to end of DATA command))
Apr 16 06:29:12 mail.xxx.com postfix/cleanup(7936): 6711A1D7B7: message-id=<20210415182912.6711A1D7B7@mail.xxx.com>
Apr 16 06:29:12 mail.xxx.com postfix/bounce(12184): 418621D80D: sender non-delivery notification: 6711A1D7B7
Apr 16 06:29:12 mail.xxx.com postfix/qmgr(25497): 418621D80D: removed
Apr 16 06:29:12 mail.xxx.com postfix/qmgr(25497): 6711A1D7B7: from=<>, size=2554, nrcpt=1 (queue active)
Apr 16 06:29:12 mail.xxx.com postfix/smtp(11499): 65E4C1D95F: to=<xxx@an**.com>, relay=aspmx.l.google.com(172.217.x.x):25, delay=51, delays=38/0/6.3/6.7, dsn=5.7.0, status=bounced (host aspmx.l.google.com(172.217.194.27) said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit 552-5.7.0  https://support.google.com/mail/?p=BlockedMessage to review our 552 5.7.0 message content and attachment content guidelines. z63si3810735ybh.300 - gsmtp (in reply to end of DATA command))
Apr 16 06:29:12 mail.xxx.com postfix/cleanup(10468): 705F91D801: message-id=<20210415182912.705F91D801@mail.xxx.com>
Apr 16 06:29:12 mail.xxx.com postfix/smtp(11996): F05911DBCA: to=<xxx@maq**.ae>, relay=maq**.protection.outlook.com(104.47.x.x):25, delay=36, delays=27/0/3.1/6, dsn=2.6.0, status=sent (250 2.6.0 <20210415112836.BE31E4C0C57EAA1B@alshirak.com> (InternalId=93338229282509, Hostname=DB8PR10MB2745.EURPRD10.PROD.OUTLOOK.COM) 933811 bytes in 3.322, 274.451 KB/sec Queued mail for delivery)
Apr 16 06:29:12 mail.xxx.com postfix/qmgr(25497): F05911DBCA: removed
Apr 16 06:29:12 mail.xxx.com postfix/bounce(12183): 65E4C1D95F: sender non-delivery notification: 705F91D801
Apr 16 06:29:12 mail.xxx.com postfix/qmgr(25497): 65E4C1D95F: removed

How to check where is the attack source? Is there a way to limit only a specific range of domains that can be used for mail relay?

I’m not a Postfix professional, so any suggestions/advises would be appreciated.

Mass Mailing , Email Spamming , PHPMailer

Hello, from some days any user is doing mass mailing from our server and now our IP is blocked in SpamHaus etc.
these things are happening … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1838335&goto=newpost

Spamming comments from " blogger bounces google "

I hope someone can help me figure out. My gmail inbox gets spammed by comments made on someone else's blog. The sender id that I get is "blogger.bounces.google.com"… Now, I've got no clue… and the spammed comments are really frustrating.

Anybody here… got any clue on how to end this?

Regards
Rome

seo – Is this link spamming? WordPress blog profile page and monthly archive pages

I am a contributor on a blog (WordPress based) and I have a profile page there, where I’ve put a short bio and a link to my personal website.

On that profile page, there are links to “monthly archive” pages, which show the posts that I’ve made on each month, every year. These pages display the same text (and link) from the profile page.

Google has started indexing those, so, as of today, I have five linking pages from that blog on Search Console: the profile page and some of the monthly archive pages. Example:

  • example.com/author/my-name (profile page)
  • example.com/author/my-name/?m=202005 (May 2020 page)
  • example.com/author/my-name/?m=202003 (March 2020 page)

    And so on.

Will this be considered link spamming? Should I remove that link from my profile, or at least add a “nofollow” to it?

Thanks in advance!

disavow links – One domain linking single post over 1,000 time looks spamming?

When I’m checking Google webmaster tool, it shows one domain linking 1,067 times to my blog single post. All these 1,067 are different blog posts in that site. That site owner added my one blog post as a troubleshooting guide with a Click anchor text.

I didn’t create these backlinks and I have no connection with him/her. I would like to know that, is it spamming backlink? Should I “Disavow” this domain from Google webmaster tool?

enter image description here

dns – My domain emails are spamming – Split IP and suspicious server name

I have a problem with my VPS and Mails on OVH.

I ordered a VPS and a domain name for this. In Cpanel, I have created a new user, added my domain name and some email accounts. The website works well and so does e-mail (can send and receive e-mail). My only problem with emails is Spam Assasin. All emails sent from my domain name go to the spam folder everywhere (Hotmail, Gmail, etc.).

This is an "error" message:

0.0 CK_HELO_DYNAMIC_SPLIT_IP HELO’d relay using suspicious hostname * (Split IP)

I don't know if I have configured my DNS correctly.

Here is my configuration:

NS: dns16.ovh.net.
NS: ns16.ovh.net.
MX: vpsXXXX.ovh.net
A: My VPS IP
AAAA: My VPS IPV6
SPF: "v=spf1 a mx mx:vpsXXXXX.ovh.net ip4:51.XXX.XXX.XXX ip6:XXXXX:XXX:XXXX:XXXX:0:0:0:53ca ~all"
DMKEY: v=DKIM1;k=rsa;p=(My Key);

links – Would spamming developer Stack Overflow's story increase SEO evaluations of my websites?

Imagine starting to create hundreds of Stack Overflow accounts. ((I am not and I do not intend to do it in reality). I add a link to my site in the personal site space of the profile. I then make public the developer story (CV). for example. https://stackoverflow.com/story/kamilt

If such pages are searchable on Google and contain links to my website, will this help the SEO of my website? Would that allow me to get a higher ranking in Google because of this?

Advanced SEO techniques to succeed in 2020

In recent years, SEO has changed a lot. In its infancy, SEO was limited to stuffing keywords, spam links and modifying the main code. Fortunately, Google has eliminated many practices designed only to manipulate search results.

To improve the quality of search engine results, Google continues to modernize its algorithms. As a result, the SEO techniques used during the first decade of the 21st century are no longer effective today.

For this reason, online businesses must follow the latest search engine algorithms and update their SEO techniques over time.

In the next section, we'll talk about some SEO techniques that will help you generate leads in 2020 and beyond. So without further ado, let's get started.

.

Stop spamming the wires | Black Hat Forum on SEO and Affiliate Marketing

Discussion in & # 39; General Business & # 39; started by FindDIY, January 29, 2019 at 18:43.

Keywords:

  • posts
  • spam
  • wire icons
  • topics

  1. TrouverDIE,
    January 29, 2019 at 18:43

    # 1


    TrouverDIE

    TrouverDIE
    Member


    joined:
    Saturday
    posts:
    105
    I like receipts:
    0
    Trophy points:
    16
    Sex:
    Male
    Home page:
    https://bidflux.blogspot.com

    Stop the spam!

    # 1


  2. TrouverDIE,
    January 29, 2019 at 9:45 pm

    # 2


    TrouverDIE

    TrouverDIE
    Member


    joined:
    Saturday
    posts:
    105
    I like receipts:
    0
    Trophy points:
    16
    Sex:
    Male
    Home page:
    https://bidflux.blogspot.com

    Stop the spam!

    # 2