My server has been sending spam this morning and I'm stumped as to where it's coming from. Log entries' look like this
[email protected] was an address on an account, but those email addresses have all been moved to outlook.com and deleted from cpanel.
Tried the following:
Changed foo.com password
Restarted Exim
Blocked IP addresses - mail keeps being sent out from new IPs
Reviewed mail headers from queue
I can't understand why it is showing authentication from a removed address? Any thoughts?
Thanks!
Code:
2014-04-21 12:53:03 1WcIOs-00006Q-Hl <= [email protected] H=(foo.com) [190.18.xx.xx]:2578 P=esmtpa [email protected] S=5777 T="Fw: News" for [email protected] [email protected] [email protected] etc...
Tried the following:
Changed foo.com password
Restarted Exim
Blocked IP addresses - mail keeps being sent out from new IPs
Reviewed mail headers from queue
I can't understand why it is showing authentication from a removed address? Any thoughts?
Thanks!