How to STOP Malware emails Generated from fallcolorsredandbrown.com

Its been noticed that many of the hosting companies facing the issue with lots of malware infected emails/ bounce back from fallcolorsredandbrown.com , which is troubling customer, and leads to get ip blocked on many location. To stop it we should stop the relay and also make sure you block the domain from sending the emails from the server itself , These emails are mainly coming with subject “my new photo;)” and attachment with it

 

Lets see how we can stop it:
open /etc/exim.conf.localopts and add below  line at bottom of file

systemfilter=/etc/cPanel_exim_system_filter_custom

Then copy filter file to custom
#cp -rp /etc/cpanel_exim_system_filter /etc/cpanel_exim_system_filter_custom
Open custom file
# vi /etc/cpanel_exim_system_filter_custom

Add below code in it

=====================================

if $header_to: contains “@fallcolorsredandbrown.com”
then
#fail text “This is blocked due to spamming”
seen finish

endif

if $header_to: contains “@amazon.kwiveolicensings.com”
then
#fail text “This is blocked due to spamming”
seen finish

endif

=====================================
then rebuild exim
# /scripts/buildeximconf
restart exim
#service exim restart

 

This will stop the emails been send from server :

2014-10-30 08:31:11 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Xjosh-002DT1-1I
2014-10-30 08:31:11 1Xjosh-002DT1-1I => discarded (system filter)
2014-10-30 08:31:11 1Xjosh-002DT1-1I Completed

 

 

 

---