Higher server load than normal..

[julzk]

Over the past 6 days there has been higher server loads than normal. Between the 1.xx and the 6.xx mark on one of our servers. We have been looking into the issue and cannot seem to find the problem thus far. After restarting exim and cpop services, the server laod would drop which gives me an indication it's the mail server causing the high load. It also was reported that spamcop has added the server ip to their database listing. I have a strong feeling someone is sending out mass spam from our server. The hard part is trying to track and find the abuser. Is there any way I can find out through ssh or within cpanel who is sending out the spam?

[dalem]

I dont think its a strong feeling that someone is spamming its a fact

You need to search you mail logs for the ofending messages(s) and see which user is sending them


see if you have a formail exploit

[julzk]

Just for example, after 2 days of server being up, there are over 67,000 emails sitting in the queue.. which is just a little too much don't you think? How on earth can I go through that many emails and try to find the offender?

[vivek]

Dear friend,

Regularly check the maillog and traceout the mail address which is sending spam, also check the mail headers wo that you can clear cut idea who sending spam. The mail queue clearly indicates that there is spam done. Take necessary steps soon else your server will be unplugged due to outbound attack (depending upon the data center. i have servers at ev1servers.net and they have such policy). Take care of it. Also configure your sendmail.cf.
If you have more queries feel free to ask

Vivek.