Email Spamming / Mail Queue problem

Ari Widya Putra

Hello,

This email is causing my mail queue to fill up and it never stops. I guess it is sending spam from my hosting. Please help me to stop this.

The email [email protected] does not exist in my hosting email accounts.
"username" is the username of my cPanel hosting.
cloud.domain.net is my subdomain.

Code:
Headers spool file
1Y7oK9-0002rL-Jl-H
username 500 500
<[email protected]>
1420390001 0
-ident username
-received_protocol local
-body_linecount 123
-max_received_linelength 94
-auth_id ajcosnet
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-deliver_firsttime
-local
XX
1
[email protected]

212P Received: from username by cloud.domain.net with local (Exim 4.82)
	(envelope-from <[email protected]>)
	id 1Y7oK9-0002rL-Jl
	for [email protected]; Sun, 04 Jan 2015 23:46:42 +0700
033T To: [email protected]
029  Subject: Postal Notification
050F From: "FedEx SameDay" <[email protected]>
026  X-Mailer: Oudmlr(ver.3.4)
054R Reply-To: "FedEx SameDay" <[email protected]>
018  Mime-Version: 1.0
081  Content-Type: multipart/alternative;boundary="----------142039000154A96E718BEBA"
055I Message-Id: <[email protected]>
038  Date: Sun, 04 Jan 2015 23:46:41 +0700
Data spool file
1Y7oK9-0002rL-Jl-D
------------142039000154A96E718BEBA
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
  
  FedEx

  Dear Customer,
  
  Your parcel has arrived at December 29. Courier was unable to deliver the parcel to you.
  To receive your parcel, print this label and go to the nearest office. 
  
  Get Shipment Label

  FedEx 1995-2014

------------142039000154A96E718BEBA
Content-Type: text/html; charset="ISO-8859-1";
Content-Transfer-Encoding: 7bit

<html>
<body>
<table border="0" width="567" height="311" 
style="border-collapse: collapse">
 <tr>
  <td height="67" width="14" bgcolor="#3B1A73">
  <font size="6"> </font></td>
  <td height="67" width="549" bgcolor="#3B1A73" colspan="3">
  <font size="6" face="Tahoma" color="#FFFFFF">
  <span style="letter-spacing: -2px; font-weight: 700">Fe</span><span 
  style="font-weight: 700; letter-spacing: -5px">d</span></font><font 
  size="6" face="Tahoma" color="#ADAFB1"><span 
  style="font-weight: 700; letter-spacing: -5px">E</span><span 
  style="letter-spacing: -2px; font-weight: 700">x</span></font></td>
 </tr>
 <tr>
  <td height="21" width="14" bgcolor="#555555"></td>
  <td height="21" width="146" bgcolor="#555555"></td>
  <td height="21" width="401" bgcolor="#EAEAEA" colspan="2"></td>
 </tr>
 <tr>
  <td height="122" width="14"></td>
  <td height="122" width="549" colspan="3">
  <span style="font-family:Arial;font-size:12px;">
  Dear Customer,<br>
  <br>
  Your parcel has arrived at December 29. Courier was unable to deliver the parcel to you.<br>
  To receive your parcel, print this label and go to the nearest office. <br>
  </span>
 </td>
 </tr>
 <tr>
  <td height="42" width="14"></td>
  <td height="42" width="146"></td>
  <td height="42" width="232">
  <a href="http://karatec.com.au/session.php?fd=MWu+d699VcmBktMms53CzMjjcAVyJ+Ng5fSSVCYvCUs=">
  <div style="width:232px;height:40px;line-height:38px;background-color:#3B1A73;
  border-radius:7px;-moz-border-radius:7px;-webkit-border-radius:7px;
  text-align:center;color:#FFFFFF;font-size:18px;
  font-weight:bold;text-decoration:none;font-family:Arial;">
  Get Shipment Label</div>
  </a>
  </td>
  <td height="42" width="167"></td>
 </tr>
 <tr>
  <td height="38" width="14"></td>
  <td height="38" width="549" colspan="3"></td>
 </tr>
 <tr>
  <td height="21" width="14" bgcolor="#EAEAEA"></td>
  <td height="21" width="549" colspan="3" bgcolor="#EAEAEA">
  <span style="font-family:Arial;font-size:10px;">
  FedEx 1995-2014
  </span>
  </td>
 </tr>
</table>
</body>
</html>

------------142039000154A96E718BEBA--
Please advise.

Thanks :)
 

John

Seems like the mails are generated by malicious scripts.

Try this link: http://blog.rimuhosting.com/2012/09/20/finding-spam-sending-scripts-on-your-server/
 

cPanelMichael

Administrator
Staff member
Hello :)

Try running the following command:

Code:
awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
This may help determine which directory most of the spam is coming from.

Thank you.
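
Added example, not part of the thread and not cPanel's own tooling: a variant of the command above that keeps directory names containing spaces intact and skips `cwd=/var/spool/exim` and `cwd=/`, which are assumed here to be Exim's own queue and delivery processes rather than script locations. The log lines, paths and the function names `sample_log` and `rank_cwd` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Rank the working directories from which local processes handed mail to Exim.
# Usage on a server: rank_cwd /var/log/exim_mainlog

# Constructed sample in the exim_mainlog "cwd=" line format (not real data).
sample_log() {
cat <<'EOF'
2015-01-04 23:46:40 cwd=/home/username/public_html/cache 3 args: /usr/sbin/sendmail -t -i
2015-01-04 23:46:41 cwd=/home/username/public_html/cache 3 args: /usr/sbin/sendmail -t -i
2015-01-04 23:46:42 cwd=/home/username/public_html/cache 3 args: /usr/sbin/sendmail -t -i
2015-01-04 23:46:43 cwd=/home/username/public_html/old site 3 args: /usr/sbin/sendmail -t -i
2015-01-04 23:47:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1XXXXX-000000-XX
2015-01-04 23:47:01 cwd=/ 2 args: /usr/sbin/exim -q
2015-01-04 23:47:02 1XXXXX-000000-XX Completed
EOF
}

# Reads log files given as arguments, or stdin when none are given.
# Prints "<count> <directory>" sorted by count, highest first.
rank_cwd() {
  awk '
    {
      i = index($0, " cwd=")
      if (i == 0) next                      # not a cwd line
      rest = substr($0, i + 5)              # text after "cwd="
      # The path ends where "<n> args:" begins; this keeps spaces in paths.
      if (!match(rest, / [0-9]+ args: /)) next
      dir = substr(rest, 1, RSTART - 1)
      # Assumption: these are Exim housekeeping processes, not web scripts.
      if (dir == "/" || dir ~ /^\/var\/spool\/exim/) next
      count[dir]++
    }
    END { for (d in count) printf "%d %s\n", count[d], d }
  ' "$@" | sort -k1,1nr
}

# Demonstration on the constructed sample.
sample_log | rank_cwd
```

The directory at the top of the list is the first place to look for an unfamiliar or recently modified script; the `-ident` and `-auth_id` lines in the spool header file name the local account the message was submitted under.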