Fake Mail With Hostname

Operating System & Version
CentOS7
cPanel & WHM Version
100.0.5

creemhost

cPanel Access Level
Root Administrator
Fake emails are being sent from my system with a fake name like [email protected]. The fiuzz cPanel username is not available. Please help me find which cPanel account is sending mails like this.
I'm getting abuse complaints from the datacenter.

This is a Comcast Abuse Report for an email message received from domain u5.creemhost.com, IP 254.263.627, on Fri, 26 Nov 2021 06:24:37 +0000.

Feedback-Type: abuse
Version: 1
Reported-Domain: myhostname.com
Source: Comcast
Abuse-Type: complaint
Subscription-Link: Feedback Loop Service
User-Agent: ReturnPathFBL/2.0
Arrival-Date: Fri, 26 Nov 2021 06:24:37 +0000
Original-Rcpt-To: [email protected]
Original-Rcpt-To: [email protected]
Original-Mail-From: [email protected]
Source-Ip: my serverIP
 

quietFinn

cPanel Access Level
Root Administrator
You should find those mails logged in the Exim log, /var/log/exim_mainlog.
For example:

Code:
grep "[email protected]" /var/log/exim_mainlog
 

Handssler Lopez

cPanel Access Level
Root Administrator
You can search through the graphical view of WHM:

Home » Email » Mail Delivery Reports
[email protected] - sender / from address

** Due to defects, you can only search for the last 10 days

Once you have the ID [1myL1u-0001U7-IT] of some mail, you can perform the search as mentioned before in /var/log/exim_mainlog.

That will give you the necessary data to detect how the sending is being carried out: whether it is through an email account and they are modifying the headers, whether they are using a script for this delivery, or whether they are doing it through a compromised CMS.

*** notes ***
You can currently set sending limits per hour for all accounts and verify which account crosses the limit and why, and whether they are valid emails or not; this can help you in detecting spam.

** important **
- Mailman is not restricted by these limits.
- Messages sent directly by the cPanel user are not restricted either.

You can also use the following configuration to help detect possible spammers on your server:

Home » Server Configuration » Tweak Settings » Mail » Number of unique recipients per hour to trigger potential spammer notification

Modify the number as you see fit.

I hope I've helped.
 
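Added example (not posted by anyone in this thread): a Python parser for Exim arrival (`<=`) lines that reports, for a given envelope sender, whether each message was handed in locally (`P=local`, with `U=` as the system user) or over authenticated SMTP (`A=` login). The log lines are constructed, the function names are hypothetical, and it assumes the system user shown in `U=` is the cPanel account name.

```python
import re
from collections import Counter

# Constructed sample in exim_mainlog format; addresses, IDs and IPs are made up.
SAMPLE_LOG = """\
2021-11-26 06:24:30 1mqA01-0001U7-IT <= spoof@host.example.com U=acct1 P=local S=1432 T="Invoice" for a@example.net
2021-11-26 06:24:31 1mqA01-0001U7-IT => a@example.net R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [192.0.2.10]
2021-11-26 06:24:31 1mqA01-0001U7-IT Completed
2021-11-26 06:25:02 1mqA02-0001Ub-K9 <= info@shop.example.org H=(pc) [198.51.100.7]:50122 P=esmtpsa A=dovecot_login:info@shop.example.org S=2210 for b@example.net
2021-11-26 06:25:40 1mqA03-0001Uz-Qm <= spoof@host.example.com U=acct1 P=local S=1440 T="Re: A=dovecot_login:ceo@example.com" for c@example.net
2021-11-26 06:26:11 1mqA04-0001VB-2x <= news@list.example.com H=mail.example.com [203.0.113.5]:25 P=esmtps S=5120 for user@hosted.example.org
"""

# timestamp, optional [pid], message ID, "<=", envelope sender, remaining fields
ARRIVAL = re.compile(r"^\S+ \S+ (?:\[\d+\] )?(\S+) <= (\S+) (.*)$")
SUBJECT = re.compile(r'T="(?:[^"\\]|\\.)*"')  # subject text is sender-controlled

def classify(line):
    """Return (msg_id, envelope_sender, origin, account) for a '<=' line, else None."""
    m = ARRIVAL.match(line)
    if not m:
        return None
    msg_id, sender, rest = m.groups()
    # Drop the quoted subject first so text inside it cannot pose as U=/P=/A=.
    f = dict(re.findall(r"(?:^|\s)([UPA])=(\S+)", SUBJECT.sub("", rest)))
    if "A" in f:  # SMTP AUTH, logged as authenticator:login
        return msg_id, sender, "smtp-auth", f["A"].split(":", 1)[-1]
    if f.get("P") == "local":  # handed to Exim on the server (script, cron, sendmail)
        return msg_id, sender, "local-user", f.get("U", "?")
    return msg_id, sender, "remote", "-"

def trace(log_text, envelope_sender):
    """All arrivals using this envelope sender, with the account that submitted them."""
    rows = filter(None, map(classify, log_text.splitlines()))
    return [(i, o, a) for i, s, o, a in rows if s.lower() == envelope_sender.lower()]

def top_submitters(log_text):
    """Count locally submitted or authenticated messages per account."""
    rows = filter(None, map(classify, log_text.splitlines()))
    return Counter((o, a) for _, _, o, a in rows if o != "remote")

if __name__ == "__main__":
    for row in trace(SAMPLE_LOG, "spoof@host.example.com"):
        print(*row)
    print(top_submitters(SAMPLE_LOG).most_common())
```

On a real server, pass the contents of /var/log/exim_mainlog in place of `SAMPLE_LOG`; the envelope sender alone proves nothing, so the `U=` or `A=` value is the one to act on.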