Hello, I've got spam mail coming from my server, and it keeps so many emails held in the mail queue. When I checked the IP reputation, it turned out to be blacklisted by SORBS and the Outlook filter too.
In my experience, the first thing to do is to find out if the emails are LOCAL RELAY or AUTH RELAY, i.e. if the emails are sent FROM the server or THROUGH the server.
Hello, I have spam going through the server, and my firewall and Exim stopped the sender. How can I catch the spammer or the exploit? I use ImunifyAV and no malware was found.
@jana-its - if you scroll up just a bit, you'll see a command that can help you search the Exim logs on the machine for more details about where the message may have originated from. Trying that is always a good first step.
If you're familiar with SSH, you can run this command to scan the mail logs and see if any directories are sending spam:
That will give you a list, sorted by the number of emails sent from that location. Just make sure to ignore common areas, like CSF or system notifications.
Should "/" be sending any sort of emails?
Should "/root" be sending any sort of emails?
Does the location indicate the file that is sending the emails rests in that directory? For instance, how would I go about sourcing the cause code of the 392 emails from "/" if it's not an expected sender?
Sure, / is just giving you the total number. /root is a bit odd as I don't see that one come up often. And yes, the location listed indicates something in that directory triggered the message to be sent.
Remember, we're trying to track down spam that's getting your server IP flagged at a provider or otherwise hurting your reputation. One email isn't going to do that.
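The two checks discussed in this thread (local relay by sending directory, and authenticated relay by login), as an added example that is not the command posted in the thread. The log lines are constructed, and the `cwd=`, `U=`, `P=` and `A=` fields are assumed to follow the usual Exim main log layout.

```shell
#!/bin/sh
# Added example. Log lines are constructed; users, hosts and IPs are placeholders.
sample_log() {
cat <<'EOF'
2024-05-01 10:00:01 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:01 1sAAAA-0000aa-01 <= alice@host.example.com U=alice P=local S=912
2024-05-01 10:00:02 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1sAAAA-0000aa-01
2024-05-01 10:00:03 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:03 1sAAAB-0000ab-02 <= alice@host.example.com U=alice P=local S=915
2024-05-01 10:00:04 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:05 cwd=/root 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:06 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1sAAAB-0000ab-02
2024-05-01 10:01:00 1sAAAC-0000ac-03 <= bob@example.com H=(pc) [203.0.113.7]:51234 P=esmtpsa A=dovecot_login:bob@example.com S=2048
2024-05-01 10:01:05 1sAAAD-0000ad-04 <= bob@example.com H=(pc) [203.0.113.7]:51240 P=esmtpsa A=dovecot_login:bob@example.com S=2051
2024-05-01 10:02:00 1sAAAE-0000ae-05 <= carol@example.com H=(laptop) [198.51.100.9]:40022 P=esmtpsa A=dovecot_plain:carol@example.com S=700
EOF
}

# Local relay (sent FROM the server): count messages by the working directory
# of the process that invoked sendmail/exim. Queue-runner entries under
# /var/spool are Exim's own housekeeping, so they are skipped.
count_by_cwd() {
  awk '{ for (i = 3; i <= NF; i++) if ($i ~ /^cwd=/) {
           d = substr($i, 5)
           if (d !~ /^\/var\/spool/) n[d]++ } }
       END { for (d in n) print n[d], d }' | sort -k1,1nr -k2,2
}

# Auth relay (sent THROUGH the server): count accepted messages ("<=") by the
# mailbox login recorded in the A=<authenticator>:<login> field.
count_by_auth() {
  awk '$4 == "<=" { for (i = 5; i <= NF; i++) if ($i ~ /^A=/) {
           split($i, a, ":"); n[a[2]]++ } }
       END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

echo "== local submissions, by directory =="
sample_log | count_by_cwd
echo "== authenticated submissions, by login =="
sample_log | count_by_auth
```

To use it on a live server, pipe the real Exim main log into each function instead of `sample_log`; on cPanel that is normally `/var/log/exim_mainlog` (an assumption, the thread does not name the file).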