The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Finding the spam source

Discussion in 'E-mail Discussions' started by musti19, Jun 11, 2016.

Tags:
  1. musti19

    musti19 Well-Known Member

    Joined:
    Jan 20, 2013
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    How is this spam sent?
    It can not be a email client mail (dovecot) and not a webscript (because not URL header is not shown, on whm it is enabled)

    Here the delivery event from WHM:

    Code:
    ---
    Event: success
    Sender User: -remote-
    Sender Domain:
    Sender: abc@abc.com
    Sent Time: Jun 11, 2016 1:16:17 AM
    Sender Host: dynamic-ip-adsl-xxxxxxxx
    Sender IP: xxx.xxx.xxx.xxx
    Authentication: localdelivery
    Spam Score: 0
    Recipient: abc@abc.com
    Delivered To: abc@abc.com
    Delivery User: userxyz (cpanel account number)
    Delivery Domain: abc.com
    Router: virtual_user
    Transport: virtual_userdelivery
    Out Time: Jun 11, 2016 1:16:17 PM
    ID: 1bBkeJ-0008Em-90
    Delivery Host: localhost
    Delivery IP: 127.0.0.1
    Size: 2.02 KB
    Result: Accepted
    --
    
    Any ideas? thanks
     
    #1 musti19, Jun 11, 2016
    Last edited by a moderator: Jun 11, 2016
  2. ssfred

    ssfred Well-Known Member

    Joined:
    Jan 6, 2012
    Messages:
    62
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello

    The mails span score is 0 and is not treated as spam. Please extract and share the log file entries ( /var/log/exim_mainlog) corresponding to the mail for a better analysis.
     
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello :),

    Your spam mail ID is 1bBkeJ-0008Em-90, So please login your server with the SSH and try to check mail logs with following command.

    Code:
    grep 1bBkeJ-0008Em-90 /var/log/exim_mainlog
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Yes, as mentioned, let us know the output from /var/log/exim_mainlog for this message with a command such as:

    Code:
    exigrep MSDID /var/log/exim_mainlog
    Ensure you post the output in CODE tags, removing any identifying information about your domain name or server.

    Thank you.
     
Loading...

Share This Page