How can I find out if my server is sending spam?

[ameran]

Hi,
I run 2 websites on a VPS. I was told by my hosting service that my server has been sending spams. They deactivated my account till I fix the problem. Because I personally have no idea, how to fix the issue, I got SiteLock service and also cPanel Service Package from ConfigServer Services, where they configured my server to be more secure. Anyway, after all these, my hosting service finally activated my server and I could have my websites online.

Now, my question is, how can I find out, if my server isn't sending spams anymore? and how can I find out if my server is really secure after all these?

I really appreciate all your comments and advises.

Thanks,
ameran

 

[SysSachin]

Hello,

Check if there are any scripts that are sending spam mail from any account. Login to server and run below command.

awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr

 

[ameran]

SysSachin,
I juts ran the command you provided and this is what I got. What does all these mean and do I need to do anything? Note: I have only one email account on the entire server.

77 cwd=/var/spool/exim
15 cwd=/
8 cwd=/var/spool/MailScanner/incoming/12720
8 cwd=/root
5 cwd=/var/spool/MailScanner/incoming/18314
4 cwd=/var/spool/MailScanner/incoming/31143
4 cwd=/var/spool/MailScanner/incoming/28026
4 cwd=/var/spool/MailScanner/incoming/21004
4 cwd=/var/spool/MailScanner/incoming/1280
4 cwd=/usr/local/cpanel/whostmgr/docroot
3 cwd=/var/spool/MailScanner/incoming/6900
3 cwd=/var/spool/MailScanner/incoming/1200
3 cwd=/var/spool/exim_incoming
2 cwd=/var/spool/MailScanner/incoming/9687
2 cwd=/var/spool/MailScanner/incoming/3632
2 cwd=/var/spool/MailScanner/incoming/21995
2 cwd=/var/spool/MailScanner/incoming/15818
2 cwd=/var/spool/MailScanner/incoming/12615
1 cwd=/var/spool/MailScanner/incoming/9798
1 cwd=/var/spool/MailScanner/incoming/12798

 

[cPanelMichael]

Hello

You can review /var/log/exim_mainlog to see if you notice any message activity from unknown source. Also, please also review this document:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

Thank you.

 

[ameran]

cPanelMichael,
Thank you for your post. I followed all steps in that document and turned on all recommended settings.

Thanks,
ameran