
Disclaimer: Please pardon the newbery!

I've got a dedicated linux server from HostGator that has around 100 accounts on it. Lately, dozens of these accounts get bombarded with junk mail a few times a day. Each batch of junk mail is sent by the same email address, from different IPs. Most of the users trying to be sent to do not exist, and it all gets blocked because it's being sent by RBL blacklisted IPs anyways.

Couple of things that are odd to me; maybe someone with more expertise could shed some light on.

  1. The mail routing for nearly all of the accounts is set at domain level. I just point A-records to the server, and let the domain's DNS handle the MX stuff. Why is mail even being received by the server?
  2. Once in a while, the spammer will actually try to send to a real email address. The emails are too unique (in my mind anyways) to be a lucky guess (for example: btelly@xxx).

I've tried setting the local MX records to be Local Mail Exchanger, then tried Remote Mail Exchanger, but the emails are still attempting to be routed. Lowest MX entries point to the domain; is there somewhere else I can point this to just dump this junk elsewhere?

Any help would be appreciated, thanks!

Wesley
Curtis
  • This question is being voted for closure because the author does not show a level of technical understanding or appropriate due diligence in researching the topic that the community judges as being a minimum barrier to participate. – Wesley Feb 25 '15 at 16:54

1 Answer


This question is so broken that I'm going to break with ServerFault protocol here and respond to the question with some of my own questions to point out 1) how it could be improved, and 2) why control panels and web host helper applications are bad.

Title: Individual accounts being spammed on server, even though DNS not hosted

What do you mean "DNS not hosted?" When I read that title, before clicking the question, I thought it would mean that you had spam mail messages being sent to your server, even though your server's IP address did not have any domains with records that pointed to it. It appears that that's not the case. What exactly is "not hosted" about the domains?

Disclaimer: Please pardon the newbery!

None of us minds newbery too much. However, I think you've been hobbled by nanny web hosts that have allowed you to get by with virtually no understanding of some very important concepts, protocols, and general technology.

I've got a dedicated linux server from HostGator that has around 100 accounts on it.

Accounts? What kinds of accounts? Simple shell accounts? Accounts made in what application? What are we even talking about?

Lately, dozens of these accounts get bombarded with junk mail a few times a day.

So is it mail in /var/spool/mail? Is it in Dovecot? What are you using as an MTA? Exim? Postfix? I suppose the message store and MTA aren't terribly important, but this ambiguity adds to the confusion that already exists.

The mail routing for nearly all of the accounts is set at domain level.

I don't know what that means. This doesn't mean anything. Mail is always at the domain level. The word "routing" here is being misused, I think. We can split hairs about the topics of Postfix lookup tables and Exim routers, but the general idea about email is that you receive email based on the domain being sent to. I have no idea what is meant by "The mail routing for nearly all of the accounts is set at domain level." Nearly all? How on earth is mail being done for those that do not fall within the scope of "nearly all"?

I just point A-records to the server, and let the domain's DNS handle the MX stuff.

WHAT DOES THIS MEAN?! So are you hosting websites on the server? That's what is now implied by A records being pointed to your server, but not necessarily. Do you not own the domains? Do the domain owners point A and CNAME records to your server, and then handle their own MX records?

Why is mail even being received by the server?

Probably because spammers don't care about MX records alone. They'll spam based on a large set of criteria, and send SMTP to any SMTP server that responds to HELO. If you're on the public internet, it's only a matter of time (usually just seconds) between when a host is up and when it starts getting spam attempts sent to it.

Once in a while, the spammer will actually try to send to a real email address. The emails are too unique (in my mind anyways) to be a lucky guess (for example: btelly@xxx).

Probably not as unique as you think, and also if the email address has been around for a little while it's probably been published somewhere on the internet in some form, and thus harvested into a spam list.

I've tried setting the local MX records to be Local Mail Exchanger,

What on earth is a "Local Mail Exchanger"? That's not a standard thing, whatever it is.

then tried Remote Mail Exchanger,

The heck is a "Remote Mail Exchanger"?! Again, not a standard thing, whatever it is. I think there's some web control panel or something hand-holdy that has taken what is a relatively simple concept, and made it more complex and hazy by trying to over-simplify it.

but the emails are still attempting to be routed.

This is odd phrasing, and it may seem like nitpicking, but "attempting to be routed" implies some kind of Exim routing you've set up or Postfix lookup tables, or some form of intelligent mail routing based on sender and receiver. Either way, that's after you receive the mail message. Do you mean "Mail is still being sent to my server"? Because if so, MX records aren't the only reason you'd be getting spammed.

Lowest MX entries point to the domain;

I just... wat

is there somewhere else I can point this to just dump this junk elsewhere?

Welcome to the internet, post 1992. You get spam.

Wesley
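As an added example (not from the question or the answer above), here is the triage the asker could have done before posting: parse the MTA's rejection log lines and group them by envelope sender, so the "same sender, different IPs, mostly nonexistent recipients, blocked by RBL" pattern described in the question becomes visible in numbers. The log lines are constructed in an Exim-like reject format; the field layout and the `Unrouteable address` / `blocked by RBL` reasons are assumptions, so adjust the regex to whatever your MTA actually writes.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an Exim-like reject format (not real data).
SAMPLE_LOG = """\
2015-02-25 10:01:02 H=(mx.example) [203.0.113.5] F=<bulk@spammer.invalid> rejected RCPT <nosuch1@hosted.example>: Unrouteable address
2015-02-25 10:01:03 H=(mx.example) [203.0.113.5] F=<bulk@spammer.invalid> rejected RCPT <nosuch2@hosted.example>: Unrouteable address
2015-02-25 10:01:05 H=(relay) [198.51.100.9] F=<bulk@spammer.invalid> rejected RCPT <btelly@hosted.example>: blocked by RBL
2015-02-25 10:02:11 H=(relay) [198.51.100.9] F=<bulk@spammer.invalid> rejected RCPT <nosuch3@other.example>: Unrouteable address
2015-02-25 10:05:00 H=(mail.partner.example) [192.0.2.44] F=<ops@partner.example> rejected RCPT <typo@hosted.example>: Unrouteable address
"""

# Assumed layout: "<date> <time> H=<helo> [<ip>] F=<sender> rejected RCPT <rcpt>: <reason>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) H=.*?\[(?P<ip>[^\]]+)\] F=<(?P<sender>[^>]*)> "
    r"rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)

def parse_rejects(log_text):
    """Yield one dict per parseable 'rejected RCPT' line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def summarize_by_sender(log_text):
    """Group rejections by envelope sender: distinct source IPs, distinct
    recipients, how many were RBL blocks, and the total. Returns {sender: summary}."""
    summary = defaultdict(lambda: {"ips": set(), "rcpts": set(), "rbl": 0, "total": 0})
    for r in parse_rejects(log_text):
        s = summary[r["sender"]]
        s["ips"].add(r["ip"])
        s["rcpts"].add(r["rcpt"])
        s["total"] += 1
        if "RBL" in r["reason"]:
            s["rbl"] += 1
    return dict(summary)

def suspicious_senders(log_text, min_ips=2, min_rcpts=3):
    """Senders seen from several source IPs hitting many distinct recipients:
    the pattern the question describes. Thresholds are tunable assumptions."""
    return sorted(
        sender for sender, s in summarize_by_sender(log_text).items()
        if len(s["ips"]) >= min_ips and len(s["rcpts"]) >= min_rcpts
    )
```

Run it against a real log with `summarize_by_sender(open("/var/log/exim_mainlog").read())` once the regex matches your MTA's format; the per-sender summary is what a useful question (or a blocking rule) would be built from.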