How can I find out if my server is sending spam?

ameran

Member
Jan 31, 2016
8
0
1
USA
cPanel Access Level
Website Owner
Hi,
I run 2 websites on a VPS. I was told by my hosting service that my server has been sending spams. They deactivated my account till I fix the problem. Because I personally have no idea, how to fix the issue, I got SiteLock service and also cPanel Service Package from ConfigServer Services, where they configured my server to be more secure. Anyway, after all these, my hosting service finally activated my server and I could have my websites online.

Now, my question is, how can I find out, if my server isn't sending spams anymore? and how can I find out if my server is really secure after all these?

I really appreciate all your comments and advises.

Thanks,
ameran
 

SysSachin

Well-Known Member
Aug 23, 2015
604
48
28
India
cPanel Access Level
Root Administrator
Twitter
Hello,

Check if there are any scripts that are sending spam mail from any account. Login to server and run below command.

awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
 

ameran

Member
Jan 31, 2016
8
0
1
USA
cPanel Access Level
Website Owner
SysSachin,
I juts ran the command you provided and this is what I got. What does all these mean and do I need to do anything? Note: I have only one email account on the entire server.

77 cwd=/var/spool/exim
15 cwd=/
8 cwd=/var/spool/MailScanner/incoming/12720
8 cwd=/root
5 cwd=/var/spool/MailScanner/incoming/18314
4 cwd=/var/spool/MailScanner/incoming/31143
4 cwd=/var/spool/MailScanner/incoming/28026
4 cwd=/var/spool/MailScanner/incoming/21004
4 cwd=/var/spool/MailScanner/incoming/1280
4 cwd=/usr/local/cpanel/whostmgr/docroot
3 cwd=/var/spool/MailScanner/incoming/6900
3 cwd=/var/spool/MailScanner/incoming/1200
3 cwd=/var/spool/exim_incoming
2 cwd=/var/spool/MailScanner/incoming/9687
2 cwd=/var/spool/MailScanner/incoming/3632
2 cwd=/var/spool/MailScanner/incoming/21995
2 cwd=/var/spool/MailScanner/incoming/15818
2 cwd=/var/spool/MailScanner/incoming/12615
1 cwd=/var/spool/MailScanner/incoming/9798
1 cwd=/var/spool/MailScanner/incoming/12798
 

ameran

Member
Jan 31, 2016
8
0
1
USA
cPanel Access Level
Website Owner
cPanelMichael,
Thank you for your post. I followed all steps in that document and turned on all recommended settings.

Thanks,
ameran