The Community Forums


Find owner of email user

Discussion in 'E-mail Discussions' started by cncking2000, Mar 25, 2009.

  1. cncking2000

    cncking2000 Registered

    Joined:
    Mar 25, 2009
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I happened to check the mail queue to find 147092 messages in the queue, which were all spam. The person sending them authenticated properly, and I am wanting to know how to track down the cPanel account that owns that email user. Is there an easy way of doing this?
     
  2. cncking2000

    cncking2000 Registered

    I have answered my own question... I just had to go to the View Relayers section to see who was the highest. That was much easier than straining my eyes to see the logs...
     
  3. Be Hard!

    Be Hard! Member

    Joined:
    Mar 24, 2009
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    Well there is an easy and quick way to detect a spammer by dropping a few lines into your shell.

    Just type the following at your command prompt:

    grep cwd=/home /var/log/exim_mainlog

    That will retrieve all emails sent via PHP or CGI (the one that appears most often must be the spammer). This is also useful on servers where suexec is not enabled.

    Cheers!

    Be Hard!
    Optimization & Security Services for Cpanel
     
    rhenderson likes this.
  4. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    Nice post Be Hard, gave you a rep for that one.
     
    #4 rhenderson, Mar 25, 2009
    Last edited: Mar 29, 2009
  5. cncking2000

    cncking2000 Registered

    Thank you, but my problem is different than that. After finding out the issue, I am noticing that it is a compromised authenticated user that is relaying email from a remote domain to another remote domain. Is there any way to stop this? I am hoping that there is a way to allow sending of email from only the registered domain on the server. Currently, once authenticated, someone can use it as an open relay of sorts, and have any sender email address they want, causing me much grief. Any advice would be appreciated.
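
Added example, not part of any post in this thread: a shell sketch that tallies both sources discussed above, script mail (the `cwd=/home` lines) and SMTP-authenticated mail, and resolves each authenticated login to its owning account. It goes beyond the plain `grep` by counting and ranking; the log lines, the `dovecot_login` authenticator name and the "domain: account" map format (as in cPanel's `/etc/userdomains`) are assumptions and constructed sample data.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Log lines and the domain map are constructed.

# Mail handed to Exim by scripts: count per account (first directory under /home).
script_senders() {   # $1 = Exim main log
  grep -o 'cwd=/home/[^/ ]*' "$1" | cut -d/ -f3 |
    sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Mail accepted after SMTP AUTH: count per login and resolve the owning account.
auth_senders() {     # $1 = Exim main log, $2 = "domain: account" map
  grep ' <= ' "$1" | grep -o ' A=[a-z_]*:[^ ]*' | cut -d: -f2 |
    sort | uniq -c | sort -rn |
    while read -r count login; do
      case $login in
        *@*) owner=$(awk -F': ' -v d="${login#*@}" '$1 == d { print $2; exit }' "$2") ;;
        *)   owner=$login ;;   # assumption: a bare login is the account name itself
      esac
      echo "$count $login ${owner:-unknown}"
    done
}

# Constructed sample data so the functions can be tried offline.
write_sample() {     # $1 = directory to write into
  cat > "$1/exim_mainlog" <<'EOF'
2009-03-25 10:00:01 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2009-03-25 10:00:02 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2009-03-25 10:00:03 cwd=/home/carol/public_html 3 args: /usr/sbin/sendmail -t -i
2009-03-25 10:00:04 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2009-03-25 10:01:00 1LmA01-0001aa-AA <= x@remote.example H=(pc) [192.0.2.10] P=esmtpa A=dovecot_login:bob@shop.example S=2101
2009-03-25 10:01:01 1LmA02-0001aa-AB <= y@remote.example H=(pc) [192.0.2.10] P=esmtpa A=dovecot_login:bob@shop.example S=2099
2009-03-25 10:01:02 1LmA03-0001aa-AC <= carol@blog.example H=(pc) [192.0.2.20] P=esmtpa A=dovecot_login:carol S=800
2009-03-25 10:01:03 1LmA04-0001aa-AD => z@other.example R=lookuphost T=remote_smtp
EOF
  printf '%s\n' 'shop.example: alice' 'blog.example: carol' > "$1/userdomains"
}

if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d) && write_sample "$dir"
  script_senders "$dir/exim_mainlog"
  auth_senders "$dir/exim_mainlog" "$dir/userdomains"
  rm -rf "$dir"
fi
```

On a real server the functions would be pointed at `/var/log/exim_mainlog` and the server's own domain-to-account map; a login that tops the list while the `<=` senders are all remote addresses matches the compromised-mailbox pattern described in the post above.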
     
  6. JamesSmith

    JamesSmith Well-Known Member

    Joined:
    Sep 17, 2003
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK, Luton
    We experience the same problems, it is a major pain in the arse.
     