Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Best way to determine which user is sending spam

Discussion in 'General Discussion' started by justhost, Oct 1, 2003.

  1. justhost

    justhost Well-Known Member

    Sep 2, 2003
    Likes Received:
    Trophy Points:
    Halifax, Nova Scotia

    It appears that someone is sending out some nasty spam through my server. I am wondering what the best method is to track down the culprit?

    It is an exim mailserver.

    Here is a snippit of the mail header:

    mailnull 47 12
    1064792937 0
    -ident mailnull
    -received_protocol local
    -body_linecount 66

    151P Received: from mailnull by shark.****.*** with local (Exim 4.20)
    id ****-0008SM-T4
    for ********; Sun, 28 Sep 2003 20:48:57 -0300
    049 X-Failed-Recipients: ******
    056F From: Mail Delivery System <Mailer-Daemon@shark.*****.***>
    033T To: ******
    059 Subject: Mail delivery failed: returning message to sender
    045I Message-Id: <*****-0008SM-T4@shark.*****.***>
    038 Date: Sun, 28 Sep 2003 20:48:57 -0300

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    SMTP error from remote mailer after RCPT TO:<********>:
    host []: 552 RCPT TO:<*******> Mailbox disk quota exceeded

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <********>
    Received: from nobody by shark.*****.***with local (Exim 4.20)
    id *****-0008Rm-UQ
    for *******; Sun, 28 Sep 2003 20:48:56 -0300
    From: ******
    To: ******
    Subject: Exclusive C.P. site !!! 20319
    Message-Id: <******-0008Rm-UQ@shark.*****.***>
    Date: Sun, 28 Sep 2003 20:48:56 -0300

    __________________ Support Ticket Number:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. mickeymouse

    mickeymouse Well-Known Member

    Sep 16, 2003
    Likes Received:
    Trophy Points:
    Dear justhost,

    You can use the method given at the following URL to help you.


Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice