Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email Spamming from my server

Discussion in 'E-mail Discussions' started by Vasanthjan, Mar 11, 2017.

Tags:
  1. Vasanthjan

    Vasanthjan Member

    Joined:
    Mar 8, 2017
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    In my WHM server, there is so many spam emails are outgoing. I can't find the exact reason why it is happening.

    1. I have suspended the cPanel account in WHM.
    2. Reduce the outgoing email limit into zero in modify an account option.
    3. Scanned the account using Virus Scanner it shows zero virus.
    4. Scanned the account using the ConfigServer Exploit Scanner also. No Threads are found in the cPanel account.
    5. Even the account doesn't have any files in public_html.
    6. It has one few email accounts only.

    But still, the account is sending more spam from my server. Help me out to resolve this issue.

    Here is sample header of the email to refer. I need the permanent solution for this to stop spam mail from my server.

    One more help. How to stop the injection of scripts on my server.

    Code:
    1cmhnL-001VSi-IT-H
    mailnull 47 12
    <info@mail.com>
    1489241695 0
    -helo_name [192.168.x.xxx]
    -host_address 78.135.xx.xx.54264
    -host_auth dovecot_login
    -interface_address 138.xxx.xxx.xxx.25
    -received_protocol esmtpsa
    -body_linecount 7
    -max_received_linelength 76
    -auth_id blahblah
    -host_lookup_failed
    -tls_cipher TLSv1:DHE-RSA-AES256-SHA:256
    -tls_ourcert -----BEGIN CERTIFICATE-----\nMIIFPDCCBCSgAwIBAgIQba5JvSlYq6Qi7STnE5bvtjANBgkqhkiG9w0BAQsFADBy\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxEDAOBgNVBAcTB0hvdXN0b24xFTAT\nBgNVBAoTDGNQYW5lbCwgSW5jLjEtMCsGA1UEAxMkY1BhbmVsLCBJbmMuIENlcnRp\nZmljYXRpb24gQXV0aG9ya2MDYyNDAwMDAwMFoXDTE3MDYyNDIzNTk1\nOVowXDEhMB8GA1UECxMYRG9tYWluIEMPOd/Hy2envuD15p3cV3BKTrHu9g6uTrm/xECfmciLlQhE6LISmIRN\ntx3TS4AMbNoV80hymhvpe6v0iP0w2zwJZ9u/MQVcXz069Z083UXpwP0QoMgIG5L/\nMwIDAQABo4IB4jCCVR0jBBA9hjto\ndHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9jUGFuZWxJbmNDZXJ0aWZpY2F0aW9uQXV0\naG9yaXR5LmNybDB9BggrBgEFBQcBAQRxMG8wRwYIKwYBBQUHMAKGO2h0dHA6Ly9j\ncnQuY29tb2RvY2EuY29tL2NQYW5lbEluY0NlcnRpZmljYXRpb25BdXRob3JpdHku\nY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wQQYDVR0R\nBDowOIIYbGlvbi5zdXBlcm5pbmphY2xvdWQuY29tghx3d3cubGlvbi5zdXBlcm5p\nbmphY2xvdWQuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAFhDD40Z8QyHU7HmR01Nga\nLVL+ujMbSzc4X8LZVKVavNtDbHz9BvNuu+lVw6dzDJb/3C0TTBznRiOqAQIr\n28WuTEpi+6GQ1CjoNC5Nc/Lx2O+sIfv/Anc1sfbLHmkTVtzF0omjAaEujhj+EgLP\naal3NMhg3LgmrvEY6v53rFad1Ag6h2iMRIPiL+PQCxDqThEvOxTPTODydnb9IxRH\nnqPOxVawfrl3j1wtL9ixCSQ2JIs2p4QcJyznGVlHKBsoknPJRT7jO0nGjGZg8gBn\n++/OewZVuqQQIix3aOf3trQ4i+Oh5b4a7SEoO9nRnl9tvYG0mJ75PUZLxr+A4xv8\n-----END CERTIFICATE-----\n
    XX
    20
    - Removed Email Addresses -
    
    237P Received: from [78.135.xx.xx] (port=54264 helo=[192.168.x.xxx])
    by servername.hostdomain.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.87)
    (envelope-from <info@mail.com>)
    id 1cmhnL-001VSi-IT; Sat, 11 Mar 2017 19:44:55 +0530
    047 Content-Type: text/plain; charset="iso-8859-1"
    018 MIME-Version: 1.0
    044 Content-Transfer-Encoding: quoted-printable
    039 Content-Description: Mail message body
    028 Subject: Congratulation !!!
    031T To: Recipients <info@mail.com>
    020F From: info@mail.com
    019C Cc: info@yahoo.com
    038 Date: Sat, 11 Mar 2017 17:14:44 +0300
    031R Reply-To: someusr@gmail.com
    065 X-Antivirus: avast! (VPS 170310-1, 03/10/2017), Outbound message 
    
    
     
    #1 Vasanthjan, Mar 11, 2017
    Last edited by a moderator: Mar 11, 2017
  2. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    77
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
  3. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    569
    Likes Received:
    40
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi,

    Try to find out mail script path using bellow command.

    tail -n 2000 /var/log/exim_mainlog | grep /home

    The above command will show the mails which are sent from using php script.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Vasanthjan likes this.
Loading...

Share This Page