Detect and Stop Outgoing Spam?

Wemerson Guimaraes

Registered
Sep 2, 2018
Brazil
cPanel Access Level
Root Administrator
Hi

We use MailChannels to deliver all emails from our server, and exim is configured for a maximum of 300 messages per hour... and someone is using the server to send a lot of SPAM, and MailChannels has sent me a lot of warnings about spam senders coming from our server or messages that are forwarded from our server... and today it sent more than 100.000 messages (but what about the 300 msg limit per hour???)

Can you please recommend some plugins to use with cPanel that warn me via email, or by sending a message to my phone, when they detect bad behavior in senders?

And I need some tips on how to detect the senders on my server, based on the MailChannels log. See some log examples from MailChannels:


1 - Sender not found
Code:
This is an alert about the Sender ID, m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294, on your network. The sender m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294 is sending SPAM. Some additional information that may assist in tracking down the problem follows.

Time: 1535881405
Originator: m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294
Originator Type: Sender ID
Sender ID: m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294
Envelope Sender: <>
IP: 67.205.xxx.xx
Condition: m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294 is sending SPAM

2 - Forwarded from other location (104.41.xxx.xx )
Code:
This is an alert about the Sender ID, _forwarded-from|104.41.xxx.xx, on your network. The sender _forwarded-from|104.41.xxx.xx is sending SPAM. Some additional information that may assist in tracking down the problem follows.

Time: 1535633680
Originator: _forwarded-from|104.41.xxx.xx
Originator Type: Sender ID
Sender ID: _forwarded-from|104.41.xxx.xx
Envelope Sender: [email protected]
IP: 67.205.xxx.xx
Condition: _forwarded-from|104.41.xxx.xx is sending SPAM

Look at [email protected] ... example.org.br is not on my server... I need to understand how this is possible and what I can do to stop this.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello @Wemerson Guimaraes,

The following documents are a good place to start when attempting to prevent email abuse overall:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation
How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

Additionally, cPanel & WHM version 74 includes a new feature to reject and hold email for suspected spammers. You can read more about it at:

Reject and hold outgoing mail for suspect spammers

As far as the forwarded email in question, can you review /var/log/exim_mainlog on the cPanel server to see if you notice any specific output matching the time stamps in the output you provided? The following resource is useful for understanding how to search the Exim logs for the information you are seeking:

Tutorial - Reading and Understanding the exim main_log

Thank you.
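
One way to do the timestamp matching suggested in the reply above, as an added example that is not code from either poster or from cPanel: it converts an alert's "Time:" epoch to a log timestamp and tallies who submitted mail in /var/log/exim_mainlog around that moment. Assumptions: the default Exim timestamp format written in the server's local zone (the hypothetical `log_tz` parameter), a window of plus or minus five minutes, and log lines constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# exim_mainlog arrival line: "<date> <time> <msgid> <= <envelope sender> <fields...>"
ARRIVAL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= (\S+)(.*)$")

def alert_time(alert):
    """The alert's 'Time:' field is a Unix epoch; return it as an aware UTC datetime."""
    m = re.search(r"^Time:\s*(\d+)\s*$", alert, re.M)
    if m is None:
        raise ValueError("alert has no Time: field")
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)

def identity(sender, fields):
    """Attribute one arrival line to an SMTP login, a bounce, a local user or a remote IP."""
    fields = re.sub(r'\sT=".*"', "", fields)  # the subject is sender-controlled, drop it first
    auth = re.search(r"\sA=[^\s:]+:(\S+)", fields)
    if auth:
        return "auth:" + auth.group(1)
    if sender == "<>":
        return "bounce"  # empty envelope sender, as in the first alert
    user = re.search(r"\sU=(\S+)", fields)
    if user:
        return "local:" + user.group(1)
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", fields)
    return "remote:" + (ip.group(1) if ip else "unknown")

def senders_near(alert, log_lines, minutes=5, log_tz=timezone.utc):
    """Count arrivals per identity within +/- minutes of the alert time."""
    centre, span, seen = alert_time(alert), timedelta(minutes=minutes), Counter()
    for line in log_lines:
        m = ARRIVAL.match(line)
        if m is None:
            continue  # deliveries (=>), deferrals and other non-arrival lines
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=log_tz)
        if abs(stamp - centre) <= span:
            seen[identity(m.group(2), m.group(3))] += 1
    return seen

# Constructed sample data: alert fields as in the first alert above, invented log lines.
ALERT = "Time: 1535881405\nEnvelope Sender: <>\nIP: 67.205.xxx.xx\n"
LOG = [
    '2018-09-02 09:41:10 1fwOpE-0003zX-2k <= alice@example.test H=(pc) [203.0.113.7]:51234 P=esmtpsa A=dovecot_login:alice@example.test S=1820 T="Hi" for bob@example.net',
    '2018-09-02 09:43:20 1fwOrL-0004A1-Qz <= <> R=1fwOrK-00049x-Ab U=mailnull P=local S=3011 T="Mail delivery failed: returning message to sender" for x@example.org',
    '2018-09-02 09:43:24 1fwOrP-0004AV-Ts <= <> R=1fwOrO-0004AR-Kd U=mailnull P=local S=3020 T="Mail delivery failed: returning message to sender" for y@example.org',
    '2018-09-02 09:44:02 1fwOs2-0004Bz-Lm <= webuser@host.example.test U=webuser P=local S=912 T="U=root A=x:y" for z@example.net',
    '2018-09-02 09:44:03 1fwOs2-0004Bz-Lm => z@example.net R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [198.51.100.9]',
]
```

On a real server, pass the pasted alert text and the lines of /var/log/exim_mainlog, with `log_tz` set to the zone the log is written in; the largest counts from `senders_near(...).most_common()` are the accounts to look at first.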