The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email spam sent through my server

Discussion in 'E-mail Discussions' started by tribulant, Jun 9, 2014.

  1. tribulant

    tribulant Member

    Joined:
    Mar 3, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Good day,

    Someone is sending spam through my server.

    This is the mail control data:

    Code:
    contrid 513 501
    <antonie@contrid.com>
    1402319735 0
    -ident contrid
    -received_protocol local
    -body_linecount 53
    -max_received_linelength 135
    -auth_id contrid
    -auth_sender contrid@tri.tribulant.org
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    -sender_set_untrusted
    XX
    1
    safefy-tubs@total-bathtub-deals.me
    I've changed the passwords on that account and for all it's mail accounts and that didn't work so I suspended it and that still didn't work so I have no idea how to stop it.

    Can someone give me some guidance, please?
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Restart Exim and the POP/IMAP service. That will cause the sender to need to authenticate again, which it should not be able to do since you changed the password and suspended the account.
     
  3. tribulant

    tribulant Member

    Joined:
    Mar 3, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Thanks, will try this now.

    Then, how can I prevent this completely?
    I want to unsuspend the account at some stage because I use it.
     
  4. tribulant

    tribulant Member

    Joined:
    Mar 3, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    It seems like this may have worked now.
    There used to be a new email in the queue every few minutes.

    I now changed the passwords again on the cPanel account and also on all the email accounts.
    I then restarted both Exim and Dovecot and no spam emails in the queue yet.

    So if the queue remains clean, it means someone got a hold of the username/password for one of my mailboxes.

    I'll post back here in a couple of hours to let you know.
     
Loading...

Share This Page