How can I find out if my server is sending spam?

ameran · Jan 31, 2016

Hi,
I run 2 websites on a VPS. I was told by my hosting service that my server has been sending spams. They deactivated my account till I fix the problem. Because I personally have no idea, how to fix the issue, I got SiteLock service and also cPanel Service Package from ConfigServer Services, where they configured my server to be more secure. Anyway, after all these, my hosting service finally activated my server and I could have my websites online.

Now, my question is, how can I find out, if my server isn't sending spams anymore? and how can I find out if my server is really secure after all these?

I really appreciate all your comments and advises.

Thanks,
ameran

SysSachin · Jan 31, 2016

Hello,

Check if there are any scripts that are sending spam mail from any account. Login to server and run below command.

awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr

ameran · Jan 31, 2016

SysSachin,
I juts ran the command you provided and this is what I got. What does all these mean and do I need to do anything? Note: I have only one email account on the entire server.

77 cwd=/var/spool/exim
15 cwd=/
8 cwd=/var/spool/MailScanner/incoming/12720
8 cwd=/root
5 cwd=/var/spool/MailScanner/incoming/18314
4 cwd=/var/spool/MailScanner/incoming/31143
4 cwd=/var/spool/MailScanner/incoming/28026
4 cwd=/var/spool/MailScanner/incoming/21004
4 cwd=/var/spool/MailScanner/incoming/1280
4 cwd=/usr/local/cpanel/whostmgr/docroot
3 cwd=/var/spool/MailScanner/incoming/6900
3 cwd=/var/spool/MailScanner/incoming/1200
3 cwd=/var/spool/exim_incoming
2 cwd=/var/spool/MailScanner/incoming/9687
2 cwd=/var/spool/MailScanner/incoming/3632
2 cwd=/var/spool/MailScanner/incoming/21995
2 cwd=/var/spool/MailScanner/incoming/15818
2 cwd=/var/spool/MailScanner/incoming/12615
1 cwd=/var/spool/MailScanner/incoming/9798
1 cwd=/var/spool/MailScanner/incoming/12798

cPanelMichael · Feb 1, 2016

Hello

You can review /var/log/exim_mainlog to see if you notice any message activity from unknown source. Also, please also review this document:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

Thank you.

ameran · Feb 1, 2016

cPanelMichael,
Thank you for your post. I followed all steps in that document and turned on all recommended settings.

Thanks,
ameran

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

How can I find out if my server is sending spam?

ameran Member

SysSachin Well-Known Member

ameran Member

cPanelMichael Forums Analyst
Staff Member

ameran Member

Safari could not find the server

404 Not Found The server can not find the requested page

New Thread Trying to find Cause of CBL blocking

Find accounts that have hit hourly emails limit?

Can't Find File Manager in cPanel

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

How can I find out if my server is sending spam?

ameran Member

SysSachin Well-Known Member

ameran Member

cPanelMichael Forums Analyst Staff Member

ameran Member

Safari could not find the server

404 Not Found The server can not find the requested page

New Thread Trying to find Cause of CBL blocking

Find accounts that have hit hourly emails limit?

Can't Find File Manager in cPanel

Share This Page

cPanelMichael Forums Analyst
Staff Member