May 22, 2002
Somehow these spammers have found a hole in all my cPanel servers.
I have a customer that is getting all kinds of bounced email returned to her account. When I grepped exim_mainlog I found these guys.

I then started null routing the IP addresses, but they come back with more IP addresses. Then I started checking all my servers, and there are entries from these guys in all my cPanel servers.

Antirelayd is running. I have checked all the obvious things and is not on the accounts they are using to spam from, and I can't find any scripts any of these sites have in common.

So does cPanel have a hole? Anybody else see these in their logs?

How can I null route these entire domains or a range of IPs?

2002-11-21 04:57:17 18Eo5F-0007bj-00 <= [email protected] [] P=smtp S=4737

2002-11-20 19:26:06 18EfAT-0000QP-00 <= [email protected] [] P=smtp S=7170 id=2011020004

2002-11-20 17:47:59 18EddX-0006qr-00 <=*[email protected] [] P=esmtp S=4443 [email protected]