Posted

Please unsuspend my site... or tell me what rule I have infringed and I will change it. I'm not aware of anything I've done in violation of the rules. In fact, I haven't effectively changed my site in years.

Thank you,

Richard

www.greenvalleyrecording.com

Posted

It's suspended because we received a Spam complaint for your account. Can you explain why this email was sent, and ensure that the user listed never receives email from you again?

Once you let us know how you'll correct this, I'll unsuspend you.

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From fbl@bounce.mailstream.senderscore.net  Fri Jul 29 16:33:38 2022
Return-Path: <fbl@bounce.mailstream.senderscore.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from mail.he.net (mail.he.net [216.218.186.2])
        by abuse.he.net (Postfix) with ESMTPS id DB4ED1EA07D1
        for <report@abuse.he.net>; Fri, 29 Jul 2022 16:33:38 -0700 (PDT)
Authentication-Results: abuse.he.net; dkim=pass
        reason="1024-bit key; insecure key"
        header.d=senderscore.net header.i=@senderscore.net
        header.b=G0DqpIn8; dkim-adsp=nxdomain; dkim-atps=neutral
Authentication-Results: mail.he.net;
        dkim=pass (no signature error) header.i=@senderscore.net header.s=081107 header.b=G0DqpIn8;
        spf=pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) smtp.mailfrom=fbl@bounce.mailstream.senderscore.net smtp.helo=mrd.us-east-1a.returnpath.net;
        dmarc=none (Policy up to you. No DMARC record found) header.from=synacorfbl.senderscore.net
X-DMARC-Results: none
X-SPF-Results: pass
Received-SPF: pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) client-ip=54.84.12.226; envelope-from=fbl@bounce.mailstream.senderscore.net; helo=mrd.us-east-1a.returnpath.net;
X-DKIM-Results: pass
Received: from mrd.us-east-1a.returnpath.net (mrd.us-east-1a.returnpath.net [54.84.12.226])
        by he.net with ESMTPS (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD)
        for <abuse@he.net>; Fri, 29 Jul 2022 16:32:33 -0700
Received: (Haraka outbound); Fri, 29 Jul 2022 23:32:32 +0000
Received: from localhost ([10.252.144.202])
        by mrd.us-east-1a.returnpath.net (Haraka/2.8.21) with ESMTP id A0C505BE-7370-4305-940C-DBBC0A0C6989.1
        envelope-from <fbl@bounce.mailstream.senderscore.net>;
        Fri, 29 Jul 2022 23:32:32 +0000
X-Rp-Fbl: type=arf; subscriptionID=40613
Content-Type: multipart/report; report-type=feedback-report;
 boundary=edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b
Message-Id: <01G964VWBG8TJFDSJBK2D4QQM0.fbl@bounce.mailstream.senderscore.net>
To: abuse@he.net
Subject: Synacor Abuse Report
From: Synacor FBL Service <feedbackloop@synacorfbl.senderscore.net>
Date: Fri, 29 Jul 2022 23:32:32 +0000
Mime-Version: 1.0
DKIM-Signature: v=1;a=rsa-sha256;bh=TNl4TEe4ZEqw6VPSkQjTYwzd6JMjcxne6br7pnN2YKc=;c=relaxed/simple;d=senderscore.net;h=from:to:subject;s=081107;b=G0DqpIn84vcHijX93ht8DzDVcfybI+KgDTxvBIuOT9AznhfMiBkwXXz6HfHnvjv5bd2PQmvq/TaEpr8cK9uBd1kZLUMnEPhLs/0HzUPxEnaKDJD/MOH31tX8m99FcuEIBJCfwo8WsQwIQXdehnuMTu3o31XDYU2yiARjvGUgjLQ=

--edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

This is a Synacor Abuse Report for an email message received from domain gr=
eenvalleyrecording.com, IP 65.19.141.77, on Fri, 29 Jul 2022 20:14:26 +0000=
.

--edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: message/feedback-report

User-Agent: ReturnPathFBL/2.0
Arrival-Date: Fri, 29 Jul 2022 20:14:26 +0000
Original-Rcpt-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com
Reported-Domain: greenvalleyrecording.com
Source: Synacor
Abuse-Type: complaint
Feedback-Type: abuse
Version: 1
Original-Mail-From: srs0=btzj=yc=gmail.com=lilhug075@greenvalleyrecording.com
Source-Ip: 65.19.141.77
Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/40613

--edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: message/rfc822

Return-Path: SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com
Received: from mx01.aqua.bos.sync.lan (LHLO mx.windstream.net) (10.80.44.41)
 by md24.aqua.sync.lan with LMTP; Fri, 29 Jul 2022 16:14:34 -0400 (EDT)
Return-Path: <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com>
X-Received-HELO: from [65.19.141.77] (helo=tommy2.heliohost.org)
Authentication-Results: mx01.aqua.bos.sync.lan header.DKIM-Signature=@gmail.com; dkim=pass
Authentication-Results: mx01.aqua.bos.sync.lan smtp.mail=SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com; spf=neutral
Received-SPF: neutral (mx01.aqua.bos.sync.lan: 65.19.141.77 is neither permitted nor denied by domain of greenvalleyrecording.com)
Received: from [65.19.141.77] ([65.19.141.77:56692] helo=tommy2.heliohost.org)
        by mx.windstream.net (envelope-from <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com>)
        (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPS (cipher=DHE-RSA-AES128-GCM-SHA256)
        id 9D/70-08261-8AF34E26; Fri, 29 Jul 2022 16:14:33 -0400
Received: by tommy2.heliohost.org (Postfix, from userid 30)
        id E285E4037A1B; Fri, 29 Jul 2022 20:14:29 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tommy2.heliohost.org
X-Spam-Level:
X-Spam-Status: No, score=0.2 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,
 DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_PASS autolearn=no autolearn_force=no version=3.4.0
X-Original-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com
Delivered-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47])
 by tommy2.heliohost.org (Postfix) with ESMTPS id 4D29E402A0C4
 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>; Fri, 29 Jul 2022 20:14:27 +0000 (UTC)
Authentication-Results: tommy2.heliohost.org;
 dmarc=pass (p=NONE sp=QUARANTINE) smtp.from=gmail.com header.from=gmail.com;
 dkim=pass header.d=gmail.com;
 spf=pass (sender IP is 209.85.216.47) smtp.mailfrom=lilhug075@gmail.com
 smtp.helo=mail-pj1-f47.google.com
Received-SPF: pass (tommy2.heliohost.org: domain of gmail.com designates
 209.85.216.47 as permitted sender) client-ip=209.85.216.47;
 envelope-from=lilhug075@gmail.com; helo=mail-pj1-f47.google.com;
Received: by mail-pj1-f47.google.com with SMTP id
 t2-20020a17090a4e4200b001f21572f3a4so6303598pjl.0
 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>; Fri, 29 Jul 2022 13:14:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=date:mime-version:to:subject:from:message-id:from:to:cc;
 bh=f3FcIhFyp9OVejD3O61kCj7XdHZztbsocfArQ5LgIUw=;
 b=LoliToucd6Kox6pexh75Z2zjmWkMtyHZFFm+aXbYQe4f0hAj+NPCjeVD/LHGRDbSUF
 5fcVXjsYlInRxFqQiI5kISEAkYlA+fdM2Sa+4cQDCHFIgsdQD7P7eBW7wuBZG32izDD/
 tP1Cxsw+epX9fbUd93tY+4/h53H7lgeWKGxis0rwAy8qZ5RdMUNu8L13J/8Gdzmcbocw
 mDtQyWt8uuoaIaDSGXVLJj9hDovsZKl94riAsCsQraau/tNEDwcVuLmQcVoHcps20v4V
 eqPw9W2GRd5Zd3i7vKcdFQF/tpW+w+0jHB8y6DxgjhyBvW8ZE0yfC1XRpkoWy04TIdfq
 HdUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=date:mime-version:to:subject:from:message-id:x-gm-message-state
 :from:to:cc;
 bh=f3FcIhFyp9OVejD3O61kCj7XdHZztbsocfArQ5LgIUw=;
 b=CXOYOuF7a0Tzv3ugZBUbs2BDPSvtywkaXGtsDdIFSAU9Vftwzq9KXfAaBZqu6ED+Av
 rYgen/G3tEpv+OvJ7ulQCPCGDg+/IKuX4njpoXcwN33EFOs4eWseVBZiDUa08wb/8QJL
 9Wou7CBzZVCTVazn/+et+gc8KuiXQshC0CugEBYae/gO67t4XBp711wjHtifXpkq1S8O
 pdLHg7hWN0eR8vz9bBhYF3tNI/PKnKoi121vPOFmBo9MQLWzBRGjFEgpF6buHexb8EQv
 htQFdqzAZtaaP7lj/y4o+/d3OHBRgbnEMjLnz/3KGWcPskhbOGNyBdJFMkufdBtYr2TE
 Eg9g==
X-Gm-Message-State: ACgBeo0LACTb6+z7lnwjClV2tRi4KvCbcWU8tUzT5eQgCZQbuvHwX2Lq
 F69ZexisLaM8H/ostxxl6ptYs0xAvogHq7IR
X-Google-Smtp-Source: AA6agR4nc1qF0do+3Csp8jWK9GPJ5kc+XzP6wyn8wMGdwu+zHtRH7Yz5v++fzgikmFGENWkg465EQA==
X-Received: by 2002:a17:902:6547:b0:16e:73c3:b799 with SMTP id
 d7-20020a170902654700b0016e73c3b799mr2596117pln.38.1659125666510;
 Fri, 29 Jul 2022 13:14:26 -0700 (PDT)
Received: from 45.83.89.22 ([45.83.89.22]) by smtp.gmail.com with ESMTPSA id
 y5-20020aa79425000000b0052ab7985e18sm3395798pfo.61.2022.07.29.13.14.25
 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 29 Jul 2022 13:14:26 -0700 (PDT)
Message-ID: <62e43fa2.a70a0220.dca7b.6259@mx.google.com>
From: Service Desk <lilhug075@gmail.com>
X-Google-Original-From: "Service Desk" <arcbro847@gmail.com>
Subject: Order Renewed#19641
To: "fbafe5e2f583357b7494bb5dda91e547" <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>
Content-Type: multipart/alternative;
 boundary="1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw"
MIME-Version: 1.0
Date: Sat, 30 Jul 2022 01:44:26 +0530
X-PPP-Message-ID: <20220729201429.19719.88755@localhost.localdomain>
X-PPP-Vhost: greenvalleyrecording.com
X-Vade-Verdict: clean
X-Vade-Analysis-1: gggruggvucftvghtrhhoucdtuddrgedvfedrvddujedgudegkecutefuodetggdotefrodftvfcurfhr
X-Vade-Analysis-2: ohhfihhlvgemucfujgfpteevqfftpdghkffpfffuvfftgfetofdpgffpggdqhgfkpfffuffvtffgtefo
X-Vade-Analysis-3: necuuegrihhlohhuthemuceftddunecuogfntfdquehouhhnugdqtfefvdculdehmdenucfjughrpefk
X-Vade-Analysis-4: hffuvfgtggffsegrtderredttdejnecuhfhrohhmpefuvghrvhhitggvucffvghskhcuoehlihhlhhhu
X-Vade-Analysis-5: ghdtjeehsehgmhgrihhlrdgtohhmqeenucggtffrrghtthgvrhhnpeffheehuedujeejffejhedvgffh
X-Vade-Analysis-6: leejieetieejuedugeevleethedtkeehudduueenucfkphepieehrdduledrudeguddrjeejpdeghedr
X-Vade-Analysis-7: keefrdekledrvddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepieehrddu
X-Vade-Analysis-8: ledrudeguddrjeejpdhhvghlohepthhomhhmhidvrdhhvghlihhohhhoshhtrdhorhhgpdhmrghilhhf
X-Vade-Analysis-9: rhhomhepufftufdtpeeuvfiilfepjgevpehgmhgrihhlrdgtohhmpehlihhlhhhughdtjeehsehgrhgv
X-Vade-Analysis-10: vghnvhgrlhhlvgihrhgvtghorhguihhnghdrtghomhdprhgtphhtthhopehgrhgvvghnvhgrlhhlvgih
X-Vade-Analysis-11: rhgvtghorhguihhnghesfihinhgushhtrhgvrghmrdhnvghtpdhmthgrhhhoshhtpehmgidrrghquhgr
X-Vade-Analysis-12: rdgsohhsrdhshihntgdrlhgrnhdpshhpfhepnhgvuhhtrhgrlhdpughkihhmpehprghsshdpnhgspghr
X-Vade-Analysis-13: tghpthhtohepud
X-Vade-Client: AQUA


--1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw
Content-Disposition: inline
Content-Type: text/plain; charset="utf-8"

Hello there
fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com


We thank you for subscribing again and being an active existing user with us!

We are pleased to inform you that your annual subscription is reactivated and your account is auto debited with $ 395.49

You automatically will be charged for a subscription on annual basis unless you cancel, your plan expired on 28 July 2023.

Questions? Customer support Team  # +1 855 (420) 2273

Sellers Description:
Geek Squad  Corporation

Service Plan Tenure:
12 Months Only

Mode of Payment:
Auto debit - Account funds

Amount Payable:
$ 395.49

We hope the payment is processed with your authorization , if you still find any transactional error - reach out immediately.

To raise a complaint or stop the future payments kindly get in touch with us +1 855 (420) 2273 within 2 business days.




Thanks & Regards!
Customer support Team (Geek Corp.)



--1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw
Content-Disposition: inline
Content-Type: text/html; charset="utf-8"

<html><head>
    <title></title>
</head>

<body>
    <p style="text-align: center; margin-bottom: 10px !important;">Hello there&nbsp;<br>fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com&nbsp;</p>
    <p style="text-align: center; margin-bottom: 10px !important;"><br>We thank you for subscribing again and being an active existing user with us!</p>
    <p style="text-align: center; margin-bottom: 10px !important;">We are pleased to inform you that your annual subscription is reactivated and your account is auto debited with $ 395.49</p>
    <p style="text-align: center; margin-bottom: 10px !important;">You automatically will be charged for a subscription on annual basis unless you cancel, your plan expired on 28 July 2023.</p>
    <p style="text-align: center; margin-bottom: 10px !important;">Questions? <span style='text-align: center; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; display: inline !important; white-space: normal; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'>Customer support Team</span>&nbsp; # <font color="#0000ff"><font color="#0000ff"><strong>+1 855 (420) 2273</strong></font></font></p>
    <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Sellers Description:</strong><br>Geek Squad <sup>&nbsp;</sup>Corporation</p>
    <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Service Plan Tenure:</strong><br>12 Months Only</p>
    <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Mode of Payment:</strong><br>Auto debit - Account funds</p>
    <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Amount Payable:</strong><br>$ 395.49</p>
    <p style="text-align: center; margin-bottom: 10px !important;">We hope the payment is processed with your authorization , if you still find any transactional error - reach out immediately.</p>
    <p style="text-align: center; margin-bottom: 10px !important;">To raise a complaint or stop the future payments kindly get in touch with us <font color="#0000ff">+</font><strong style="font-weight: 700;"><font color="#0000ff">1 855 (420) 2273</font> </strong>within 2 business days.</p>
    <p style="text-align: center; margin-bottom: 10px !important;"><br></p>
    <p style="text-align: center; margin-bottom: 10px !important;">Thanks &amp; Regards!<br>Customer support Team (Geek Corp.)</p>
    <p style="text-align: center; margin-bottom: 10px !important;"><br><br></p>
    <p style="margin-bottom: 10px !important;"><br style='color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'></p>


</body></html>



--1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw--

--edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b--
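For anyone who has to act on a report like the one above, the useful parts are the `message/feedback-report` fields and the headers of the attached original message, not the prose. The following Python script is an added example, not code from this thread or from Hurricane Electric; it parses an ARF report (RFC 5965, the format of the Synacor report) with the standard library and pulls out what an abuse desk checks first. The sample report is constructed here, modelled on the one quoted above with the same visible values but shortened boundaries and a trimmed body; the function names `parse_arf`, `triage` and `_header_block` are mine.

```python
import email

# Constructed sample modelled on the Synacor report quoted above
# (same visible values, shorter boundaries, body trimmed).
SAMPLE_ARF = """\
Content-Type: multipart/report; report-type=feedback-report; boundary="arfb"
Subject: Synacor Abuse Report
From: Synacor FBL Service <feedbackloop@synacorfbl.senderscore.net>
To: abuse@he.net
Mime-Version: 1.0

--arfb
Content-Type: text/plain; charset=UTF-8

This is a Synacor Abuse Report for an email message received from domain
greenvalleyrecording.com, IP 65.19.141.77.

--arfb
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ReturnPathFBL/2.0
Version: 1
Original-Mail-From: srs0=btzj=yc=gmail.com=lilhug075@greenvalleyrecording.com
Source-Ip: 65.19.141.77
Reported-Domain: greenvalleyrecording.com
Arrival-Date: Fri, 29 Jul 2022 20:14:26 +0000

--arfb
Content-Type: message/rfc822

Return-Path: <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com>
Received: from [65.19.141.77] (helo=tommy2.heliohost.org) by mx.windstream.net; Fri, 29 Jul 2022 16:14:33 -0400
Received: from 45.83.89.22 ([45.83.89.22]) by smtp.gmail.com with ESMTPSA; Fri, 29 Jul 2022 13:14:26 -0700
From: Service Desk <lilhug075@gmail.com>
Subject: Order Renewed#19641
To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com

Hello there

--arfb--
"""


def _header_block(part):
    """Python's parser nests any message/* part as a sub-message whose headers
    are the fields we want; fall back to parsing raw text if it did not."""
    payload = part.get_payload()
    if isinstance(payload, list):
        return payload[0]
    return email.message_from_string(payload)


def parse_arf(raw):
    """Split an ARF report into its machine-readable fields and the key
    headers of the attached original message."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        raise ValueError("not a multipart/report message")
    result = {"report": {}, "original": {}}
    for part in msg.get_payload():  # top-level parts only, in order
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            result["report"] = dict(_header_block(part).items())
        elif ctype == "message/rfc822":
            orig = _header_block(part)
            result["original"] = {
                "return_path": orig.get("Return-Path", "").strip("<>"),
                "from": orig.get("From"),
                "subject": orig.get("Subject"),
                "received": orig.get_all("Received", []),
            }
    return result


def triage(parsed):
    """First-pass summary for the abuse desk. An SRS0 envelope sender is
    written by a forwarding MTA, so the reported domain relayed the message
    rather than originating it; the Received chain then shows where the
    message actually entered the mail system."""
    report, original = parsed["report"], parsed["original"]
    return_path = original.get("return_path", "")
    return {
        "feedback_type": report.get("Feedback-Type"),
        "source_ip": report.get("Source-Ip"),
        "reported_domain": report.get("Reported-Domain"),
        "envelope_is_srs": return_path.upper().startswith("SRS0="),
        "hops": len(original.get("received", [])),
    }


if __name__ == "__main__":
    for key, value in triage(parse_arf(SAMPLE_ARF)).items():
        print(f"{key}: {value}")
```

Run it as a script and it prints the triage summary; feed `parse_arf` the raw text of a real report (the whole message, headers included) to get the same dictionary for that report. The `envelope_is_srs` flag is the quickest signal that the reported IP belongs to a forwarder and that the earliest Received hop deserves the next look.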

 

Posted

Hi,

Thank you for getting back to me quickly. 

I know nothing about this e-mail, and don't understand why it's associated with my site. And worse, I don't know what to do about it. Can you give me step-by-step instructions as to how I can rectify this? I'm sorry... I'm not very "tech savvy" and don't have any idea how this happened. I certainly am NOT sending spam e-mails from my site... (or from ANY account, for that matter). In fact, I VERY rarely use my account web site to send e-mail.

Any help you can provide will be greatly appreciated. 

Posted

So looking closer at that abuse report, it appears it came from a gmail account and used your domain as a spoofed "From". It looks like the abuse system sent the report to the bogus From instead of the actual sender. Usually we don't even get abuse reports for these, so it's kind of odd we did this time around.

Actual sender appears to be:

From: Service Desk <lilhug075@gmail.com>
X-Google-Original-From: "Service Desk" <arcbro847@gmail.com>

So, not you at all, but a misdirected abuse report. Unsuspended.

Posted

Thank you very much for following up on this. And just to be clear, I would NEVER abuse Heliohost's generous service!

Have a great day.

Posted
6 hours ago, wolstech said:

So looking closer at that abuse report, it appears it came from a gmail account and used your domain as a spoofed "From".

Weird that they even sent the abuse report to us if our server didn't even send the email. Their spam reporting system is obviously broken.

Received: from [65.19.141.77] ([65.19.141.77:56692] helo=tommy2.heliohost.org)

It sure looks like Tommy2 sent it.

Aug  1 21:14:08 tommy2 postfix/smtp[66027]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=373791, delays=373790/0/0.94/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)
Aug  1 21:34:07 tommy2 postfix/smtp[93875]: 095D04121DFF: to=<hsrnaes@jrojbh.ru>, orig_to=<SRS0=tuE9=YF=jrojbh.ru=hsrnaes@greenvalleyrecording.com>, relay=none, delay=13150, delays=13150/0.03/0.15/0, dsn=4.4.1, status=deferred (connect to mail.jrojbh.ru[208.67.106.129]:25: Connection refused)
Aug  1 21:49:08 tommy2 postfix/smtp[105253]: 0D700401E2AD: to=<pjofmzx@ckyjqm.ru>, orig_to=<SRS0=5E9X=YE=ckyjqm.ru=pjofmzx@greenvalleyrecording.com>, relay=none, delay=130314, delays=130313/0.06/0.94/0, dsn=4.4.1, status=deferred (connect to mail.ckyjqm.ru[37.139.129.6]:25: Connection refused)
Aug  1 22:24:08 tommy2 postfix/smtp[128195]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=377991, delays=377990/0.05/0.72/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)
Aug  1 22:44:07 tommy2 postfix/smtp[128195]: 095D04121DFF: to=<hsrnaes@jrojbh.ru>, orig_to=<SRS0=tuE9=YF=jrojbh.ru=hsrnaes@greenvalleyrecording.com>, relay=none, delay=17351, delays=17351/0/0.15/0, dsn=4.4.1, status=deferred (connect to mail.jrojbh.ru[208.67.106.129]:25: Connection refused)
Aug  1 22:59:07 tommy2 postfix/smtp[21339]: 0D700401E2AD: to=<pjofmzx@ckyjqm.ru>, orig_to=<SRS0=5E9X=YE=ckyjqm.ru=pjofmzx@greenvalleyrecording.com>, relay=none, delay=134514, delays=134513/0.11/0.61/0, dsn=4.4.1, status=deferred (connect to mail.ckyjqm.ru[37.139.129.6]:25: Connection refused)
Aug  1 23:34:07 tommy2 postfix/smtp[39966]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=382191, delays=382190/0/0.88/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)

I don't know. I see a lot of spam being sent from his account still. I've disabled the mail service for his .com for now to stop the spam.

@gvr590 Do you actually need to be able to send emails from this domain or can we just leave mail turned off?

Posted

Weird, I didn't see any suspicious scripts on his account. Could be a leaked password, but I still don't understand why the abuse report lists the original sender as a gmail account if it is indeed coming from us. If the Gmail address is meant to be the fake from address, the spammer was doing something odd since those X-Google headers don't actually appear anywhere a user would see them...why would you spoof those?

I looked in the account thinking that he had hacked WordPress or something but the site is mostly HTML and pictures. I didn't have time to figure out the mail logs (I knew how to research exim in cPanel, but still have no clue how the postfix based mail works on Plesk).
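The disagreement in the two posts above (did Tommy2 send the message, or only relay it?) comes down to three pieces of evidence: the SRS-rewritten envelope address, the order of the Received headers, and the `orig_to=<SRS0=...>` entries in the Postfix log. The Python script below is an added example, not code from this thread or from HelioHost. It decodes an SRS0 address back to the original sender and the forwarding domain, walks a Received chain to its earliest hop, and parses Postfix `smtp` log lines of the kind quoted above so that retries of one queue id are counted once. The sample headers and log lines are copied from the thread (abbreviated); the names `decode_srs0`, `relay_hosts`, `origin_hop`, `parse_postfix_srs` and `retry_counts` are mine.

```python
import re
from collections import Counter

# SRS0 layout written by a forwarding MTA:
#   SRS0=HASH=TIMESTAMP=original-domain=original-local@forwarder-domain
SRS0_RE = re.compile(
    r"^SRS0=(?P<hash>[^=]+)=(?P<ts>[^=]+)=(?P<domain>[^=]+)=(?P<local>[^@]+)@(?P<forwarder>[^@]+)$",
    re.IGNORECASE,
)


def decode_srs0(address):
    """Return (original_sender, forwarder_domain) for an SRS0 address, else None."""
    m = SRS0_RE.match(address.strip().strip("<>"))
    if not m:
        return None
    return f"{m['local']}@{m['domain']}", m["forwarder"].lower()


# "from X ... by Y" inside a Received header; only the two host names matter here.
RECEIVED_RE = re.compile(r"\bfrom\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+)", re.DOTALL)


def relay_hosts(received_headers):
    """Receiving hosts in delivery order, earliest first. Each hop prepends
    its own Received header, so the last header in the message is the first hop."""
    hosts = []
    for hdr in reversed(received_headers):
        m = RECEIVED_RE.search(hdr)
        if m:
            hosts.append(m["by"])
    return hosts


def origin_hop(received_headers):
    """Where the message entered the mail system: client and first receiving host."""
    for hdr in reversed(received_headers):
        m = RECEIVED_RE.search(hdr)
        if m:
            return {"from": m["frm"].strip("[]"), "by": m["by"]}
    return None


POSTFIX_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) postfix/smtp\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, orig_to=<(?P<orig_to>[^>]*)>, "
    r".*?status=(?P<status>\w+)"
)


def parse_postfix_srs(lines):
    """Parse Postfix smtp delivery lines whose orig_to is an SRS0 address:
    mail addressed to a forwarder's rewritten bounce address, which Postfix
    reverses to the original sender before attempting delivery."""
    records = []
    for line in lines:
        m = POSTFIX_RE.match(line)
        if not m:
            continue
        srs = decode_srs0(m["orig_to"])
        records.append({
            "queue_id": m["qid"],
            "status": m["status"],
            "delivered_to": m["to"],
            "srs_forwarder": srs[1] if srs else None,
            # True when the reversed SRS address is exactly the final recipient
            "srs_decodes_to_recipient": bool(srs and srs[0].lower() == m["to"].lower()),
        })
    return records


def retry_counts(records):
    """Deferred mail is retried; count log lines per queue id so one message
    is not mistaken for several."""
    return Counter(r["queue_id"] for r in records)


# Sample data copied (abbreviated) from the report and log quoted in the thread.
RECEIVED_CHAIN = [  # as they appear in the message: latest hop first
    "from [65.19.141.77] ([65.19.141.77:56692] helo=tommy2.heliohost.org) by mx.windstream.net with ESMTPS",
    "by tommy2.heliohost.org (Postfix, from userid 30) id E285E4037A1B",
    "from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by tommy2.heliohost.org (Postfix) with ESMTPS",
    "from 45.83.89.22 ([45.83.89.22]) by smtp.gmail.com with ESMTPSA",
]
LOG_LINES = [
    "Aug  1 21:14:08 tommy2 postfix/smtp[66027]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=373791, delays=373790/0/0.94/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)",
    "Aug  1 21:34:07 tommy2 postfix/smtp[93875]: 095D04121DFF: to=<hsrnaes@jrojbh.ru>, orig_to=<SRS0=tuE9=YF=jrojbh.ru=hsrnaes@greenvalleyrecording.com>, relay=none, delay=13150, delays=13150/0.03/0.15/0, dsn=4.4.1, status=deferred (connect to mail.jrojbh.ru[208.67.106.129]:25: Connection refused)",
    "Aug  1 21:49:08 tommy2 postfix/smtp[105253]: 0D700401E2AD: to=<pjofmzx@ckyjqm.ru>, orig_to=<SRS0=5E9X=YE=ckyjqm.ru=pjofmzx@greenvalleyrecording.com>, relay=none, delay=130314, delays=130313/0.06/0.94/0, dsn=4.4.1, status=deferred (connect to mail.ckyjqm.ru[37.139.129.6]:25: Connection refused)",
    "Aug  1 22:24:08 tommy2 postfix/smtp[128195]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=377991, delays=377990/0.05/0.72/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)",
]

if __name__ == "__main__":
    print("envelope sender decodes to:", decode_srs0("SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com"))
    print("hops:", " -> ".join(relay_hosts(RECEIVED_CHAIN)), "| origin:", origin_hop(RECEIVED_CHAIN))
    print("retries per queue id:", dict(retry_counts(parse_postfix_srs(LOG_LINES))))
```

On the thread's data this prints the Gmail address as the original sender with greenvalleyrecording.com as the forwarder, the hop order `smtp.gmail.com -> tommy2.heliohost.org -> mx.windstream.net`, and one queue id that appears twice because Postfix kept retrying it. Pointing `parse_postfix_srs` at a full `/var/log/maillog` extract gives the same per-queue-id view for a whole day of deferred deliveries.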

3 weeks later...
Posted
On 8/1/2022 at 7:47 PM, Krydos said:

Weird that they even sent the abuse report to us if our server didn't even send the email. Their spam reporting system is obviously broken.

Received: from [65.19.141.77] ([65.19.141.77:56692] helo=tommy2.heliohost.org)

It sure looks like Tommy2 sent it.

Aug  1 21:14:08 tommy2 postfix/smtp[66027]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=373791, delays=373790/0/0.94/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)
Aug  1 21:34:07 tommy2 postfix/smtp[93875]: 095D04121DFF: to=<hsrnaes@jrojbh.ru>, orig_to=<SRS0=tuE9=YF=jrojbh.ru=hsrnaes@greenvalleyrecording.com>, relay=none, delay=13150, delays=13150/0.03/0.15/0, dsn=4.4.1, status=deferred (connect to mail.jrojbh.ru[208.67.106.129]:25: Connection refused)
Aug  1 21:49:08 tommy2 postfix/smtp[105253]: 0D700401E2AD: to=<pjofmzx@ckyjqm.ru>, orig_to=<SRS0=5E9X=YE=ckyjqm.ru=pjofmzx@greenvalleyrecording.com>, relay=none, delay=130314, delays=130313/0.06/0.94/0, dsn=4.4.1, status=deferred (connect to mail.ckyjqm.ru[37.139.129.6]:25: Connection refused)
Aug  1 22:24:08 tommy2 postfix/smtp[128195]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=377991, delays=377990/0.05/0.72/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)
Aug  1 22:44:07 tommy2 postfix/smtp[128195]: 095D04121DFF: to=<hsrnaes@jrojbh.ru>, orig_to=<SRS0=tuE9=YF=jrojbh.ru=hsrnaes@greenvalleyrecording.com>, relay=none, delay=17351, delays=17351/0/0.15/0, dsn=4.4.1, status=deferred (connect to mail.jrojbh.ru[208.67.106.129]:25: Connection refused)
Aug  1 22:59:07 tommy2 postfix/smtp[21339]: 0D700401E2AD: to=<pjofmzx@ckyjqm.ru>, orig_to=<SRS0=5E9X=YE=ckyjqm.ru=pjofmzx@greenvalleyrecording.com>, relay=none, delay=134514, delays=134513/0.11/0.61/0, dsn=4.4.1, status=deferred (connect to mail.ckyjqm.ru[37.139.129.6]:25: Connection refused)
Aug  1 23:34:07 tommy2 postfix/smtp[39966]: 653C74014CF9: to=<pismk@cqqcng.ru>, orig_to=<SRS0=x4qC=YB=cqqcng.ru=pismk@greenvalleyrecording.com>, relay=none, delay=382191, delays=382190/0/0.88/0, dsn=4.4.1, status=deferred (connect to mail.cqqcng.ru[212.193.30.69]:25: Connection refused)

I don't know. I see a lot of spam being sent from his account still. I've disabled the mail service for his .com for now to stop the spam.

@gvr590 Do you actually need to be able to send emails from this domain or can we just leave mail turned off?

I'm sorry, I hadn't seen this reply or question before posting another support request (on another page). I found that my mail was switched off in Plesk and couldn't figure out how to turn it back on. I DO use that web-based e-mail address, but have it forwarded to my computer client address that I use for daily communication. If you could please re-enable that richard@greenvalleyrecording.com address, I'd very much appreciate it. If there's anything I can do to stop the spam from being sent from that address, please let me know what it would be. I certainly DON'T like that happening.  

Posted

I already enabled mail in the other thread. Make sure you change your passwords and run a malware scan on your computer too. If the spam messages continue we'll need to disable mail again. The other thing you can do is use an external mail provider like a free Zoho account. That way our servers don't handle the mail and we won't get the abuse reports.
