Finding the spam source

musti19

Well-Known Member
Jan 20, 2013
110
1
68
cPanel Access Level
Root Administrator
How is this spam sent?
It can not be a email client mail (dovecot) and not a webscript (because not URL header is not shown, on whm it is enabled)

Here the delivery event from WHM:

Code:
---
Event: success
Sender User: -remote-
Sender Domain:
Sender: [email protected]
Sent Time: Jun 11, 2016 1:16:17 AM
Sender Host: dynamic-ip-adsl-xxxxxxxx
Sender IP: xxx.xxx.xxx.xxx
Authentication: localdelivery
Spam Score: 0
Recipient: [email protected]
Delivered To: [email protected]
Delivery User: userxyz (cpanel account number)
Delivery Domain: abc.com
Router: virtual_user
Transport: virtual_userdelivery
Out Time: Jun 11, 2016 1:16:17 PM
ID: 1bBkeJ-0008Em-90
Delivery Host: localhost
Delivery IP: 127.0.0.1
Size: 2.02 KB
Result: Accepted
--
Any ideas? thanks
 
Last edited by a moderator:

ssfred

Well-Known Member
Jan 6, 2012
65
4
58
India
cPanel Access Level
Root Administrator
Twitter
Hello

The mails span score is 0 and is not treated as spam. Please extract and share the log file entries ( /var/log/exim_mainlog) corresponding to the mail for a better analysis.
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hello :),

Your spam mail ID is 1bBkeJ-0008Em-90, So please login your server with the SSH and try to check mail logs with following command.

Code:
grep 1bBkeJ-0008Em-90 /var/log/exim_mainlog
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,224
463
Hello,

Yes, as mentioned, let us know the output from /var/log/exim_mainlog for this message with a command such as:

Code:
exigrep MSDID /var/log/exim_mainlog
Ensure you post the output in CODE tags, removing any identifying information about your domain name or server.

Thank you.