Its been noticed that many of the hosting companies facing the issue with lots of malware infected emails/ bounce back from fallcolorsredandbrown.com , which is troubling customer, and leads to get ip blocked on many location. To stop it we should stop the relay and also make sure you block the domain from sending the emails from the server itself , These emails are mainly coming with subject “my new photo;)” and attachment with it
Lets see how we can stop it:
open /etc/exim.conf.localopts and add below line at bottom of file
systemfilter=/etc/cPanel_exim_system_filter_custom
Then copy filter file to custom
#cp -rp /etc/cpanel_exim_system_filter /etc/cpanel_exim_system_filter_custom
Open custom file
# vi /etc/cpanel_exim_system_filter_custom
Add below code in it
=====================================
if $header_to: contains “@fallcolorsredandbrown.com”
then
#fail text “This is blocked due to spamming”
seen finish
endif
if $header_to: contains “@amazon.kwiveolicensings.com”
then
#fail text “This is blocked due to spamming”
seen finish
endif
=====================================
then rebuild exim
# /scripts/buildeximconf
restart exim
#service exim restart
This will stop the emails been send from server :
2014-10-30 08:31:11 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Xjosh-002DT1-1I
2014-10-30 08:31:11 1Xjosh-002DT1-1I => discarded (system filter)
2014-10-30 08:31:11 1Xjosh-002DT1-1I Completed