Got a user that's having problems with spam mail sent from his account

chirpy

1. Are you seeing bounce messages (i.e. a spam/virus is using their email address in the email header) or are they the original messages coming from your server?

2. You need to establish whether the emails are being generated locally (e.g. through a script) or remotely (someone has gained access to their account).

3. If they're being generated locally on your server, then that user most likely has a vulnerable CGI or PHP script in their account.
 

Hedloff

The user has changed all passwords that are possible to change.
And there are no cgi/php scripts that I can find locally on the server, so I'm kind of stuck here.

How can I find out if he's bouncing the messages?
Before it was sending like 2000 mails each day, now it's about 150 mails.
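
The triage in points 1 and 2 above, as an added example that is not part of the thread: it assumes the server's MTA is Exim (cPanel's default) and sorts main-log arrival lines for one account into bounces, locally generated mail and mail submitted over authenticated SMTP. The log lines, the address `bob@example.com` and the system user `bob` are constructed.

```python
import re
from collections import Counter

# Constructed Exim main-log lines; message IDs, hosts and addresses are made up.
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AAA-0000aa-01 <= bob@example.com U=bob P=local S=1432 T="Hi" for a@example.net
2024-05-01 10:00:05 1s1AAB-0000ab-02 <= bob@example.com H=(pc) [203.0.113.9]:50211 P=esmtpsa A=dovecot_login:bob@example.com S=2210 for b@example.net
2024-05-01 10:00:09 1s1AAC-0000ac-03 <= <> R=1s1AAA-0000aa-01 U=mailnull P=local S=3120 for bob@example.com
2024-05-01 10:00:12 1s1AAD-0000ad-04 <= <> H=mx.example.org [198.51.100.7]:25 P=esmtps S=4100 for bob@example.com
2024-05-01 10:00:15 1s1AAA-0000aa-01 => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.1]
"""

ARRIVAL = re.compile(r" <= (\S+)(.*)$")        # "<=" marks a message arriving
SUBJECT = re.compile(r' T="(?:[^"\\]|\\.)*"')  # logged subject, attacker-controlled


def classify(line, address, sysuser):
    """Return 'bounce', 'local_script', 'remote_auth' or None for one log line."""
    m = ARRIVAL.search(line)
    if not m:
        return None  # delivery ("=>") or other non-arrival line
    sender, rest = m.groups()
    # Drop the subject first so text inside it cannot pose as a log field.
    rest = SUBJECT.sub("", rest)
    fields = dict(f.split("=", 1) for f in rest.split() if "=" in f)
    recipients = rest.rsplit(" for ", 1)[1].split() if " for " in rest else []
    if sender == "<>":
        # Null sender = bounce; only count it if it is addressed to the account.
        return "bounce" if address in recipients else None
    if fields.get("U") == sysuser and fields.get("P") == "local":
        return "local_script"  # handed to Exim on the box (script, cron, sendmail)
    if fields.get("A", "").endswith(":" + address):
        return "remote_auth"   # someone logged in over SMTP with the mailbox password
    return None


def summarize(log, address, sysuser):
    """Count each category over a whole log."""
    kinds = (classify(line, address, sysuser) for line in log.splitlines())
    return Counter(k for k in kinds if k)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "bob@example.com", "bob"))
```

On a cPanel server the same function can be fed the contents of `/var/log/exim_mainlog`; a count dominated by `bounce` points to a forged sender address, while `local_script` or `remote_auth` means the mail really originates from the server.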