Email Spamming from my server

Vasanthjan

Member
Mar 8, 2017
India
cPanel Access Level
Root Administrator
On my WHM server, there are so many spam emails going out. I can't find the exact reason why it is happening.

1. I have suspended the cPanel account in WHM.
2. Reduced the outgoing email limit to zero in the Modify an Account option.
3. Scanned the account using Virus Scanner; it shows zero viruses.
4. Scanned the account using the ConfigServer Exploit Scanner also. No threats were found in the cPanel account.
5. The account doesn't even have any files in public_html.
6. It has only a few email accounts.

But still, the account is sending more spam from my server. Please help me resolve this issue.

Here is a sample header of the email for reference. I need a permanent solution to stop spam mail from my server.

One more request: how do I stop the injection of scripts on my server?

Code:
1cmhnL-001VSi-IT-H
mailnull 47 12
<[email protected]>
1489241695 0
-helo_name [192.168.x.xxx]
-host_address 78.135.xx.xx.54264
-host_auth dovecot_login
-interface_address 138.xxx.xxx.xxx.25
-received_protocol esmtpsa
-body_linecount 7
-max_received_linelength 76
-auth_id blahblah
-host_lookup_failed
-tls_cipher TLSv1:DHE-RSA-AES256-SHA:256
XX
20
- Removed Email Addresses -

237P Received: from [78.135.xx.xx] (port=54264 helo=[192.168.x.xxx])
    by servername.hostdomain.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.87)
    (envelope-from <[email protected]>)
    id 1cmhnL-001VSi-IT; Sat, 11 Mar 2017 19:44:55 +0530
047 Content-Type: text/plain; charset="iso-8859-1"
018 MIME-Version: 1.0
044 Content-Transfer-Encoding: quoted-printable
039 Content-Description: Mail message body
028 Subject: Congratulation !!!
031T To: Recipients <[email protected]>
020F From: [email protected]
019C Cc: [email protected]
038 Date: Sat, 11 Mar 2017 17:14:44 +0300
031R Reply-To: [email protected]
065 X-Antivirus: avast! (VPS 170310-1, 03/10/2017), Outbound message
 

SysSachin

Well-Known Member
Aug 23, 2015
India
cPanel Access Level
Root Administrator
Hi,

Try to find out the mail script path using the below command.

tail -n 2000 /var/log/exim_mainlog | grep /home

The above command will show the mails which are sent using a PHP script.
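
An added example, not part of either post: the sample header above records `-host_auth dovecot_login` and `-received_protocol esmtpsa`, so alongside the `grep /home` check it is worth tallying which authenticated mailbox logins are submitting mail. The log lines below are constructed (addresses, IPs and the account path are placeholders), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed exim_mainlog lines for illustration; all addresses/IPs are placeholders.
sample_log() {
cat <<'EOF'
2017-03-11 19:40:01 cwd=/home/acct1/public_html/wp 3 args: /usr/sbin/sendmail -t -i
2017-03-11 19:44:55 1cmhnL-001VSi-IT <= info@example.com H=([192.168.0.10]) [203.0.113.5]:54264 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=dovecot_login:info@example.com S=1422 for a@example.net
2017-03-11 19:44:58 1cmhnO-001VSk-2B <= info@example.com H=([192.168.0.10]) [203.0.113.5]:54270 P=esmtpsa A=dovecot_login:info@example.com S=1419 for b@example.net
2017-03-11 19:45:02 1cmhnS-001VSm-7C <= sales@example.com H=(pc) [198.51.100.7]:40112 P=esmtpa A=dovecot_plain:sales@example.com S=900 for c@example.net
2017-03-11 19:45:10 1cmhnL-001VSi-IT => a@example.net R=dkim_lookuphost T=dkim_remote_smtp
EOF
}

# Count accepted messages ("<=" lines) per SMTP-authenticated login.
# Exim logs the authenticator and login as A=<authenticator>:<id>.
auth_senders() {
  awk '$4 == "<=" {
         for (i = 5; i <= NF; i++)
           if ($i ~ /^A=[^:]+:/) { sub(/^A=[^:]+:/, "", $i); n[$i]++ }
       }
       END { for (u in n) print n[u], u }' "$@" | sort -rn
}

# Count local (script/sendmail) submissions per working directory,
# i.e. the lines that `grep /home` surfaces.
script_dirs() {
  awk '$3 ~ /^cwd=\/home/ { sub(/^cwd=/, "", $3); n[$3]++ }
       END { for (d in n) print n[d], d }' "$@" | sort -rn
}

# Demo on the constructed sample; on a server, pass the log path instead,
# e.g. auth_senders /var/log/exim_mainlog
sample_log | auth_senders
sample_log | script_dirs
```

A login that dominates the first list points to a mailbox password that needs changing rather than a script in the account's home directory.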
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011