Forum Moderators: phranque

Hosting account suspend due to excessive load

Anyone have any advice?

         

Hunter

6:51 pm on Oct 13, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Was shut off by my host due to excessive email causing excessive load on their server.

"We see an enormous amount of emails coming from this user. This is not a server security issue- obviously we can do nothing if someone gets a hold of your password, or exploits one of your outdated scripts."

Received this email today despite the fact that I changed my password 15 days ago to a long string of numbers/letters and I don't use any scripts on my sites. Anyone have any advice on what's going on here or what I can do?

Their security dept is looking into it but I don't think they really give a rat's behind and I would rather not have to move my 100+ sites to a new host.

jtara

7:54 pm on Oct 13, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Have they provided you with examples of the emails? Have you examined them? Have you looked at your SMTP log?

The most obvious thing would be that you have an open SMTP relay. If you have no scripts on your site whatsoever, then you really have no reason to even be running an SMTP server.

Shut it off, and send your outgoing mail through your ISP, rather than through your SMTP server, until you can figure out the problem.

If you want to use your own server for your outbound mail, you should be connecting to it with SSL and configure it to not accept non-encrypted connections.

Hunter

8:47 pm on Oct 13, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



jtara,

thanks for the info.

>provided you with examples of the emails?
no just examples of the load on the server.

>Have you examined them? Have you looked at your SMTP log?
no, have no access to my hosting acct now, can I get them from outlook express?

>open SMTP relay / connecting to it with SSL
will look into shutting off SMTP server and sending outgoing mail through ISP but at the moment they have totally shut me off.

jtara

10:16 pm on Oct 13, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>no, have no access to my hosting acct now, can I get them from outlook express?

No, you can't get them through Outlook Express. This is a log kept by your outbound SMTP server (assuming you have one).

Your host really seems to be being unreasonable, but they may also see you as being unreasonable.

It isn't their job to debug your site or solve your security problems.

However, it's quite unreasonable of them not to give you any means of determining where the problem is.

Not knowing what kind of hosting plan you have (shared? VPS? dedicated? co-located?) nor what your normal use of their email services is (am I correct that you are only using their SMTP/POP servers to send and receive mail for your domains using an email client?) it's hard to suggest where to go from here.

It sounds like they just aren't going to turn your account back on, and you'd best be shopping for a new host.

I can't imagine any reason why they wouldn't agree to turn the account back on with SMTP disabled. But again, I'm lacking details - whether you run your own SMTP server, use theirs, etc.

Hope you have your sites backed-up.

Hunter

11:41 pm on Oct 13, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The host is really being unreasonable and I can see no reason for them to see me as being unreasonable. Opened acct end of June and got an email abuse notice end of Sept. They changed my password thinking it was a brute force password attack and told me to update any scripts/software I'm using. I didn't have to because I'm not running any scripts and the sites are all just 1 pager handcoded html for domains that get typein traffic. So they enabled my sites again and then email abuse occurred again apparently and they shut me down yesterday without even notifying me grrrrrrrr....agree that it isn't their job to debug my sites or solve my security problems but this seems to be on their end and it should be their job to solve this security problem.

Very little feedback from them, they seem to feel that since it happened twice it's my problem but I have done everything they said to do and they still don't respond.

Hosting plan is a reseller account but just used for my names by me. Highly recommended host for resellers.

Normal use of their email services: only using their SMTP/POP servers to send and receive mail for my domains using an email client and only using 3 of the 100+ domains for email.

SMTP server: using theirs. I'd be happy to have it turned off but they have not even suggested that.

anyway, thanks again for the input :)

rocknbil

1:09 am on Oct 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One thing you can look at: are you using autoresponders or is your mail account configured to reply with a message for non-existent accounts?

Our dedi hosting service sent an email that we exceeded the daily relay limit of 1000. I thought it odd we'd be sending 1000 from our small group of projects. We requested and received an increase to 5000. Five days later it hit that limit. Come to find out, one of our customers had his mail configured to reply with a message for non-existent accounts. And he was getting loads of spam.

If you configure a script to send "from" a spam target, and it hits a non-existent account, it bounces back where? To the "from" target, which is exactly how the spammers get their way, unless it is rejected. Autoresponders work the same way. There is a difference between a "bounce with message" and "reject."

Once we set his account to reject mail from non-existent accounts, the problem went away.

Before anyone chimes in we shouldn't be using their mail relay - it's the only way the plan is configured, it sucks but there it is . . .

Hunter

1:50 am on Oct 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



thanks rockn...no autoresponders on existing or non-existent accounts.

jtara

3:46 am on Oct 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, if you are using your host's SMTP server, that should rule-out an open relay.

I have to say, it sure sounds like the mail must be originating from one of your websites.

Are you sure that you have NO scripts installed on your sites? Whether you are using them or not? Does your host pre-install any scripts?

I would insist on seeing examples of the email that is being sent. You can't possibly determine what is wrong without at least that.

I'm afraid your mistake was not following-up the first time and figuring out what was happening. Just changing your password was insufficient - it was a guess at what might be wrong, and a fairly unlikely one at that. At that point you had the ability to do some investigation, and you didn't.

Hunter

4:56 am on Oct 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I see your point. Unfortunately, the first time it happened I was told by a network security admin that according to their logs it looked as though someone had rooted my password and that he would just change the password for me and get me back online. I'm so occupied with domains, sem and content creation that I don't have any time to study IT stuff. I wish they had looked deeper and told me more the first time.

>sure that you have NO scripts installed on your sites?
I did find this on one of my sites, guess I left in a template that I copied even though I'm not using xml or css:

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="css/tripp.css" rel="stylesheet" type="text/css" />
</head>

>Does your host pre-install any scripts?
not that I am aware of, you would think that they would be!

yeah I'll try to get some examples of the email that's being sent.

BananaFish

1:24 pm on Oct 14, 2007 (gmt 0)

10+ Year Member



If you don't need email, ask the hosting company to keep the websites up but remove the email accounts. Then put your email on another server. The excess load could be their fault. If you don't have any formail scripts to exploit, they could be exploiting the mail server if it bounces invalid recipients instead of refusing them.

jtara

4:51 pm on Oct 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>the first time it happened I was told by a network security admin that according to their logs it looked as though someone had rooted my password and that he would just change the password for me and get me back online.

And changing your password automagically removed any exploits that the intruder installed?

>he would just change the password for me and get me back online. I'm so occupied with domains, sem and content creation that I don't have any time to study IT stuff.

OK, you didn't know any better. Their network security guy should have, though. If somebody did break in, simply changing the password is an unlikely remedy for whatever damage was done.

An intruder would typically install some exploit or exploits, and never log-in again.

You don't need to study IT stuff - but it sounds like you do need to have a part-time sysadmin to help you look after technical stuff.

D_Blackwell

12:13 am on Oct 15, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm still not clear on whether this is a cheap hosting situation, where you shouldn't expect much service or consideration (if any), or poor service on an investment for quality server/service situation.

Hunter

12:33 am on Oct 15, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hey guys, thanks for all your help on this, much appreciated. It was finally resolved 5 mins ago. Turns out that it was actually spam emails coming into just one of my domains due to a catch all being set to on. I didn't set it that way, but didn't notice it either because I've never used the domain for email or set it up for email. It wasn't vulnerable scripts or a password hack or even email being sent from my account, it was some spammer sending to one of my domains that wasn't even set up for email but did have the catch all set to on.

The network admins were not helpful at all except for the one that called me today saying that he had figured it out in 30 seconds once he looked at it after getting to work. Unfreaking real. They have actually been great except for this incident where they either didn't bother to address my emails and calls about it or just wrote me off as a spammer to die with my 100+ sites that have lost revenue for 2 and a half days now.
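
Added example (not posted by anyone in this thread): a small Python model of the three unknown-recipient policies that came up above, rocknbil's "bounce with message" versus "reject" and the catch-all that turned out to be the cause here, showing what each one costs the server under a spam run. The domain names, mailbox set and traffic are constructed, and the function names are hypothetical.

```python
# Added illustration: models one mail domain's handling of unknown recipients.
from collections import Counter

REJECT, BOUNCE, CATCH_ALL = "reject", "bounce", "catch_all"

def handle_rcpt(policy, mailboxes, sender, rcpt):
    """Return (smtp_reply, stored_in, bounce_to) for one incoming message."""
    local = rcpt.split("@", 1)[0].lower()
    if local in mailboxes:
        return "250 OK", local, None
    if policy == REJECT:
        # Refused during the SMTP dialogue: nothing is stored or sent by us.
        return "550 5.1.1 User unknown", None, None
    if policy == BOUNCE:
        # Accepted, then a non-delivery report is mailed to the envelope sender,
        # which a spammer can forge. The null sender "<>" is never bounced to.
        return "250 OK", None, (sender if sender != "<>" else None)
    if policy == CATCH_ALL:
        # Accepted and delivered to the catch-all mailbox, whatever the address.
        return "250 OK", "catch-all", None
    raise ValueError(f"unknown policy: {policy}")

def simulate(policy, mailboxes, traffic):
    """Count the work the server does for a list of (sender, rcpt) pairs."""
    stats = Counter()
    for sender, rcpt in traffic:
        reply, stored_in, bounce_to = handle_rcpt(policy, mailboxes, sender, rcpt)
        stats["rejected_at_smtp"] += reply.startswith("550")
        stats["stored"] += stored_in is not None
        stats["outbound_bounces"] += bounce_to is not None
    return dict(stats)

def sample_traffic():
    # Constructed input: 1000 spam messages to guessed addresses with forged
    # senders, plus one legitimate message to the only real mailbox.
    spam = [(f"victim{i}@forged.example", f"guess{i}@parked.example")
            for i in range(1000)]
    return spam + [("friend@isp.example", "owner@parked.example")]

if __name__ == "__main__":
    for policy in (REJECT, BOUNCE, CATCH_ALL):
        print(policy, simulate(policy, {"owner"}, sample_traffic()))
```

Only the reject policy leaves the server with neither stored spam nor outbound mail; the bounce policy turns every spam message into an outgoing message to a forged address, and the catch-all stores all of them.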