lfd on host.yourdomain.com: RELAY Alert for (US/United States)

Discussion in 'Linux VPS/Dedicated - General' started by juliereader, Feb 20, 2015.

  1. juliereader

    juliereader New Member

    I am getting hundreds of these errors in my inbox everyday.

    Time: Thu Feb 19 23:09:28 2015 -0500
    Type: RELAY, Remote IP - (US/United States/mx55.h.outbound.createsend.com)
    Count: 101 emails relayed
    Blocked: No

    Sample of the first 10 emails:

    2015-02-19 23:02:56 1YOenn-0002bF-RJ <= [email protected] H=mx55.h.outbound.createsend.com []:35593 P=esmtp S=50023 id=[email protected] T="Just Car News: Reel Deal Winners, Latest from Mighty Car Mods, ADGP and more" for [email protected]

    do anyone knows what is it?
  2. KH-FreddieA

    KH-FreddieA Technical Support Operator Staff Member

    We've addressed this in a ticket. Lots of email from that hostname.
  3. Dan

    Dan Moderator

    @KH-FreddieA It would be helpful not only to @juliereader but to the rest of us as well to actually say what happened here.

    To my knowledge a cPanel installation does not allow relaying and yet, obviously, someone was using her VPS to do exactly that.

    If I were to guess I would say that the spammers hacked an email address password and then used it to maximum effect at her cost. But that's just a guess.
  4. KH-AmosH

    KH-AmosH Quality Assurance Manager Staff Member

    This is not outgoing spam being relayed through the VPS. This is incoming spam being received by the VPS which caused LFD to trigger a RELAY alert due to the remote IP address '' sending to over 100 recipients within an hour's time.

    If anyone receives this type of alert, please open a ticket so we can take a closer look at the logs.
  5. KH-FreddieA

    KH-FreddieA Technical Support Operator Staff Member

    Sorry for my brevity folks. I was worried about how much I could say in public.

    Note the 'RELAY, Remote IP' in the type. This is different than a AUTHRELAY or a LOCALRELAY, both of which indicate a spamming issue.

Share This Page