Best Practices to stop outbound spam


Active Member
Jun 23, 2015
Hey there,

Over the past few weeks I've caught multiple WordPress installs on my server being the cause of sending out spam (outdated/vulnerable plugins, etc.).

The sender emails are all fake, i.e.:

[email protected]

What are the best practices, for a server administrator (other than telling users to keep WordPress updated and secure), for preventing these emails from being sent?

Is there a method to prevent outbound emails from email accounts that don't exist on the server?

- SMTP_Block enabled
- Prevent “nobody” from sending mail
- Max hourly emails per domain: 120

Anything else to consider? (I've probably forgotten a few other settings I've changed to combat this!)

Furthermore, is there a particular command or method to find the exact file being used to send out spam?
I'm aware of the following, which is very useful; however, it is rather difficult if there are many PHP files in the directory and the spam script is conspicuously named.
grep cwd /var/log/exim_mainlog | awk '/public_html/ {print $3}' | sort | uniq -c

Thanks :)


Staff member
Apr 11, 2011
Hello :)

The document referenced in the previous response is a good place to start. As far as the command, you could try searching the files in those directories for strings related to email. For instance:

grep mail /home/$user/public_html/script/*
Thank you.
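
The two steps discussed in this thread (ranking the cwd= directories in the Exim log, then searching those directories for mail calls) can be chained. The script below is an added example, not part of either post or of cPanel's tooling; the users alice and bob, the file names and the sample log lines are constructed, and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example; the sample log lines and files are constructed.

# Count sendmail invocations per working directory, busiest first.
# $1 = Exim main log (on the server above: /var/log/exim_mainlog)
top_cwd() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^cwd=/ && $i ~ /public_html/) {
                sub(/^cwd=/, "", $i); print $i
            }
    }' "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# List PHP files under $1 that call PHP's mail() directly. The leading
# character class skips wrappers such as wp_mail(); widen it if needed.
mail_callers() {
    find "$1" -type f -name '*.php' \
        -exec grep -lE '(^|[^_[:alnum:]])mail[[:space:]]*\(' {} + || true
}

# Candidate files in the directory that triggered the most mail.
suspects() {
    dir=$(top_cwd "$1" | head -n 1 | cut -d' ' -f2-)
    if [ -n "$dir" ]; then mail_callers "$dir"; fi
}

# Build a constructed log and web tree under $1 for an offline trial.
make_sample() {
    p="$1/home/alice/public_html/wp-content/plugins/old"
    mkdir -p "$p" "$1/home/bob/public_html"
    printf '%s\n' '<?php @mail($to, $subj, $body); ?>' > "$p/cache.php"
    printf '%s\n' '<?php echo "hello"; ?>' > "$p/index.php"
    printf '%s\n' '<?php wp_mail($to, $s, $b); ?>' \
        > "$1/home/bob/public_html/contact.php"
    {
        for m in 1 2 3; do
            echo "2015-06-23 10:0$m:00 cwd=$p 3 args: /usr/sbin/sendmail -t -i"
        done
        echo "2015-06-23 10:05:00 cwd=$1/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i"
        echo "2015-06-23 10:06:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q"
    } > "$1/exim_mainlog"
}
```

On a live server, `suspects /var/log/exim_mainlog` prints the candidate files; sorting them by modification time usually brings the injected script to the top.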