We've been told that huge amounts of spam are being sent through our server on one of our vB sites - from the headers of the messages, it looks like our server's IP is logging into various earthlink webmail accounts to send the spam. At least, that is the opinion of the host.
Are there any settings in 3.6.8 (patch level 2) that we can look into in order to ensure vB is not the culprit? Maybe an HTML setting somewhere or something? We should be upgrading to the latest version of vB in the next month or so, but we'd like to get this fixed before then.
Here is the spam header:
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
X-Message-Status: n:0
X-SID-PRA: UN PAYMENT PROJECT. <[email protected]>
X-Message-Info: pq8Ztvi04q9F1NI43A3Z8ZzFRLhGTXQKC9W+7fZbxx9pbZqY2s3P9INLykMi2rX/AlJkkl8CX8tiBD1V/sUysuC8V21R5fb2
Received: from elasmtp-masked.atl.sa.earthlink.net ([209.86.89.68]) by col0-mc3-f27.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 23 Jan 2009 06:24:58 -0800
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=siuZ6oVIEgkMCtIJkqig6mgxv7TELsFw7QuywFris6pgt/j3WxrWKulfos99tKlS; h=Message-IDate:From:Reply-To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.33] (helo=elwamui-darkeyed.atl.sa.earthlink.net) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <[email protected]>) id 1LQMxs-00046n-SQ; Fri, 23 Jan 2009 09:24:56 -0500
Received: from 72.52.220.188 by webmail.earthlink.net with HTTP; Fri, 23 Jan 2009 09:24:56 -0500
Message-ID: <[email protected]>
Date: Fri, 23 Jan 2009 06:24:56 -0800 (GMT-08:00)
From: "UN PAYMENT PROJECT." <[email protected]>
Reply-To: "UN PAYMENT PROJECT." <[email protected]>
Subject: NEWLY INDORSED FOREIGN DEBT RECONCILIATION.
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Mailer: EarthLink Zoo Mail 1.0
X-ELNK-Trace: 09025eb36a0ddee542539a8bdae23cdfd504699f0478060574bf435c0eb9d478e6c433f677873d40e6e7f7b28b 9f392450f28791cc03a41a350badd9bab72f9c
X-Originating-IP: 209.86.224.33
Bcc:
Return-Path: [email protected]
X-OriginalArrivalTime: 23 Jan 2009 14:24:58.0553 (UTC) FILETIME=[5EB07A90:01C97D66]

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
READ BELOW IN SPANISH AND ABOVE IN ENGLISH
LE=C3=83DO ABAJO EN ESPAOL Y ARRIBA EN INGLS
NOTA: SU LATA RESPONDE EN INGLS O ESPL.
NOTE: YOU CAN RESPOND IN ENGLISH OR SPANISH.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
UNITED NATION FACT FINDING AND APPROVAL OF FOREIGN DEBT PAYMENT
(WORLD BANK ASSISTED PROGRAMME)
DIRECTORATE OF INTERNATIONAL PAYMENT ANDTRA=
NSFERS.
870 UNITED NATIONS PLAZA 20-ANEW YORK NY 10017
WIRE TRANSFER/AUDIT UNIT
Our Ref: WB/NF/UN/XX027
ATTN: BENEFICIARY, =20 = =20
FOREIGN DEBT RECONCILIATION. =20
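The host's reading of these headers can be checked by walking the Received chain from the oldest hop upward. The following is an added example, not part of the original post: it uses the three Received lines and the X-Originating-IP line from the header above, with the redacted envelope address replaced by a placeholder, and its function names are illustrative.

```python
import re
from email import message_from_string

# Trace headers taken from the post above, one per line. The envelope-from
# address is redacted on the page, so a placeholder is used here.
RAW = """\
Received: from elasmtp-masked.atl.sa.earthlink.net ([209.86.89.68]) by col0-mc3-f27.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 23 Jan 2009 06:24:58 -0800
Received: from [209.86.224.33] (helo=elwamui-darkeyed.atl.sa.earthlink.net) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <placeholder@example.invalid>) id 1LQMxs-00046n-SQ; Fri, 23 Jan 2009 09:24:56 -0500
Received: from 72.52.220.188 by webmail.earthlink.net with HTTP; Fri, 23 Jan 2009 09:24:56 -0500
X-Originating-IP: 209.86.224.33

"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
BY_WITH = re.compile(r"(?P<by>\S+)\s+with\s+(?P<proto>[^\s;]+)")


def parse_hop(value):
    """Split one Received value into sender IP, stamping host and protocol."""
    # Only search the "from" clause for an IP: the "by" clause can contain
    # dotted version strings such as SMTPSVC(6.0.3790.3959).
    src, _, rest = value.partition(" by ")
    ip = IPV4.search(src)
    m = BY_WITH.match(rest.strip())
    return {
        "ip": ip.group(0) if ip else None,
        "by": m.group("by") if m else None,
        "proto": m.group("proto") if m else None,
    }


def hops(raw):
    """Return Received hops oldest first (headers are prepended in transit)."""
    received = message_from_string(raw).get_all("Received") or []
    return [parse_hop(v) for v in reversed(received)]


def via_webmail(hop):
    """True when the hop was an HTTP(S) submission to a web front end."""
    return (hop["proto"] or "").upper() in {"HTTP", "HTTPS"}


if __name__ == "__main__":
    # A hop is only as trustworthy as the relay that stamped it; anything
    # below the first relay you trust could have been supplied by the sender.
    for n, hop in enumerate(hops(RAW), 1):
        tag = "  <- webmail submission" if via_webmail(hop) else ""
        print(f"{n}. {hop['ip']} -> {hop['by']} ({hop['proto']}){tag}")
```

On this message the only header naming 72.52.220.188 is the hop stamped by webmail.earthlink.net with HTTP; X-Originating-IP carries 209.86.224.33, the address the next hop records for the webmail front end.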