My server is being used as spam for emails, I am getting hundreds of return emails a day that look like the following.
(aw-technologies.com is my domain)
Does anyone know how to stop this and what is causing it?
***** COPY OF A RETURN EMAIL ***** Hi. This is the qmail-send program at Mserv-1.skylineteknik.dk. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
skri@skylinemail.dk: The mailbox on the server is now 100% full. So that you can not continue to receive mail. /Mailboksen paa serveren er 100% brugt, og kan derfor ikke modtage din mail. /
--- Below this line is a copy of the message.
Return-Path: skri2f@aw-technologies.com Received: (qmail 22590 invoked by uid 89); 20 Oct 2014 16:56:06 -0000 Received: from unknown (HELO Mscan-1.skylineteknik.dk) (172.16.109.47) by Mserv-1.skylineteknik.dk with SMTP; 20 Oct 2014 16:56:06 -0000 X-Greylist: delayed 00:12:01 by SQLgrey-1.7.6 Received: from skylinemail.dk (unknown [194.150.115.31]) by Mscan-1.skylineteknik.dk (Postfix) with ESMTP id 2F9E11D82A2 for skri@skylinemail.dk; Mon, 20 Oct 2014 18:56:01 +0200 (CEST) Received: from bubo-399d34f802 ([46.254.133.24]) by skylinemail.dk (IceWarp 11.0.1.2 x64) with ESMTP id 201410201844001931 for skri@skylinemail.dk; Mon, 20 Oct 2014 18:44:00 +0200 Date: Mon, 20 Oct 2014 18:43:59 +0200 From: YahooFinance Canada skri2f@aw-technologies.com To: skri@skylinemail.dk Message-ID: <000003d6fa6b0317-6700df67-5782-dcfe-d2a1-eef2d7757c6f-000000@localhost> Subject: New report this evening! MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_3950_3531700404.4172369411479" X-SES-Outgoing: 2014.10.20-127.0.0.1 X-Skyline-MailScanner-Information: Please contact the ISP for more information X-Skyline-MailScanner-ID: 2F9E11D82A2.AE348 X-Skyline-MailScanner: Found to be clean X-Skyline-MailScanner-From: skri2f@aw-technologies.com X-Spam-Status: No
------=_Part_3950_3531700404.4172369411479 Content-Type: multipart/related; boundary="----=_Part_3951_594597734.4172369411479"
------=_Part_3951_594597734.4172369411479 Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Check this out http://finance.yahoo.com/q?s=3DISM.TO&ql=3D0 It is traded on the CanadianExchange but that's ok because it's about to go= hit 15 cents before the end of the week. That's up from a current 6 cents.
------=_Part_3951_594597734.4172369411479--
------=_Part_3950_3531700404.4172369411479--
Howdy,
Do you see any messages in your outgoing email queue on your server? You can view them by going into Webmin -> Services -> Postfix -> Mail Queue.
If so, seeing the email headers of an email trying to go out would help in identifying it's source.
In most cases though, either an email account on your server had it's password guessed, or a website has vulnerable software running that spammers are taking advantage of.
-Eric