Posts Tagged ‘DarkMailer’

DarkMailer Check

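July 31st, 2010
PS: This article is excerpted from a reply email that a BlackList sent me. It describes some ways to check for and deal with DarkMailer. I couldn't be bothered to translate it, so please make do with it as it is, heh.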

It will be one of the following scenarios:

1) It’s a NAT firewall, in which case it is a NAT in front of a machine that is infected with spam sending spamware.
2) It’s directly infested with spam sending spamware.

This detection is of the DarkMailer/YellSOFT DirectMailer Spamware.

You can find out more detail on this by doing Google searches for “YellSOFT DirectMailer” or “DarkMailer”, including screenshots of the control panel this software installs on your web server (the control panel is in Russian).

See, for example,

http://en.wikipedia.org/wiki/Dark_Mailer

http://forums.cpanel.net/showthread.php?p=496217

Note the references to “csf SMTP_BLOCK” and “WHM’s SMTP Tweak”.

This detection is that of a spammer who has broken into your web server (usually) via cracked or keylogged FTP credentials.
Once they’ve logged in via FTP, they install Perl scripts that do the spamming. cPanel and Plesk installations are the most common infectees, but others (including Apache) are also subject to this problem.

Categories: Network
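
A defender-side check for the infection path the email describes (scripts uploaded over FTP with stolen credentials), as an added example that is not part of the original post or the blacklist's email: it scans an xferlog-format FTP transfer log for uploaded Perl/CGI scripts and lists the accounts and source hosts involved. The `.pl`/`.cgi` extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumption: extensions worth reviewing; the page only says "perl scripts".
SCRIPT_EXTENSIONS = (".pl", ".cgi")

# Constructed sample lines in the standard xferlog layout (not real data).
SAMPLE_LOG = """\
Thu Jul 29 03:12:45 2010 1 203.0.113.5 20480 /home/alice/public_html/cgi-bin/mail.pl b _ i r alice ftp 0 * c
Thu Jul 29 03:12:51 2010 1 203.0.113.5 1024 /home/alice/public_html/index.html a _ i r alice ftp 0 * c
Thu Jul 29 09:40:02 2010 2 198.51.100.7 4096 /home/bob/public_html/form.cgi a _ o r bob ftp 0 * c
Fri Jul 30 01:05:10 2010 1 192.0.2.44 8192 /home/alice/public_html/tmp/send.cgi b _ i r alice ftp 0 * i
truncated line
"""

def parse_xferlog_line(line):
    """Return a dict for one xferlog record, or None if it is malformed."""
    parts = line.split()
    if len(parts) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(parts[0:5]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    # Fixed fields are counted from both ends so an odd filename cannot shift them.
    return {
        "time": when,
        "host": parts[6],
        "path": " ".join(parts[8:-9]),
        "direction": parts[-7],  # i = incoming (upload), o = outgoing (download)
        "user": parts[-5],
    }

def script_uploads(log_text):
    """Group script uploads (direction 'i') by FTP user."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec and rec["direction"] == "i" and rec["path"].lower().endswith(SCRIPT_EXTENSIONS):
            hits[rec["user"]].append(rec)
    return dict(hits)

def summarize(hits):
    """Return (user, upload_count, sorted source hosts) per account."""
    return [(u, len(r), sorted({x["host"] for x in r})) for u, r in sorted(hits.items())]

if __name__ == "__main__":
    for user, count, hosts in summarize(script_uploads(SAMPLE_LOG)):
        print(f"{user}: {count} script upload(s) from {', '.join(hosts)}")
```

An account that shows script uploads from hosts its owner does not recognise is a candidate for a password reset and a review of the uploaded files.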