HELP : My server emails sending too many spam

[muwicaksono]

Hello, i've got spam mails from my server and keeps so many emails hold in the mail queue. When I checked the IP reputation it turned out to be blacklisted by sorbs & outlook filter too.

 

[andrew.n]

You should look into the headers of the mails and see which account is sending those.

 

[cPRex]

If you're familiar with SSH, you can run this command to scan the mail logs and see if any directories are sending spam:

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

That will give you a list, sorted by the number of emails sent from that location. Just make sure to ignore common areas, like CSF or system notifications.

 

[quietFinn]

For my experience the 1st thing to do is to find out if the emails are LOCAL RELAY or AUTH RELAY, i.e. if the emails are sent FROM the server or THROUGH the server.