How can I stop my account from sending spam emails?

Operating System & Version
CENTOS 7.9 kvm
cPanel & WHM Version
v92.0.6

sourabh.garg

Registered
Jan 5, 2021
Bhopal, Madhya Pradesh. India
cPanel Access Level
Root Administrator
For the past two days, we have been receiving "undeliverable" and "failure" notices in our Webmail/MS Outlook inbox for emails sent entitled "SUP", "Good Morning", "Good Evening" etc. I immediately changed our password yesterday and have done multiple virus and malware scans. We have a GoDaddy VPS server running cPanel/WHM, and yet people are still receiving these spam messages from us. Strangely, there is no record in our "Sent" folder to show that these emails were sent from our email, as with another time we were hacked. I changed our password again this morning, and still, we are receiving notes from friends saying that they are getting these emails.

What else can we do to stop this????
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! I'd recommend reading through our support article here:


as that provides more details about tracking down the source of spam messages on the system. Can you work through that and see if that helps?
 

rscalover

Well-Known Member
Dec 16, 2010
cPanel Access Level
Root Administrator
Hello,

You mention friends are telling you that they receive spam. Ask them to "screenshot" the message headers; that should give you an ID. After that, on an SSH shell:

Code:
grep the_message_id_here /var/log/exim_mainlog
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
cPanel Access Level
DataCenter Provider
If you find out it's a compromised mailbox, after you change the password make sure you restart IMAP and Exim. If not, and they are already authenticated, they can continue to send.

Simply searching /var/log/exim_mainlog for the subjects you gave above should give you a lot of clues. You'll be able to see if it's coming from a compromised script or if they are logging in from a remote IP (compromised mailbox). If it's the latter, you'll be able to see the mailbox that they are using to authenticate.
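
The subject search described in the last reply, as an added example that is not part of any post in this thread: it groups message-arrival lines by how the message was submitted, so an authenticated mailbox (`A=`) and a local script (`U=`) show up separately. The function names and sample log lines are constructed for illustration, and it assumes Exim's default timestamp layout with subjects logged (`T="..."`).

```shell
#!/bin/bash
# Constructed sample lines (documentation addresses and IPs, not a real log).
sample_log() {
cat <<'EOF'
2021-01-05 09:14:02 1kwA1b-0001Xy-2Q <= info@example.com H=(User) [203.0.113.50]:51544 P=esmtpsa A=dovecot_login:info@example.com S=1432 T="SUP" for a@example.net
2021-01-05 09:14:09 1kwA1i-0001Yc-7T <= info@example.com H=(User) [203.0.113.50]:51590 P=esmtpsa A=dovecot_login:info@example.com S=1440 T="Good Morning" for b@example.net
2021-01-05 09:20:41 1kwA82-0001bQ-Kd <= shopuser@server.example.com U=shopuser P=local S=902 T="Good Evening" for c@example.net
2021-01-05 09:21:00 1kwA8L-0001cF-0a <= bob@example.com H=mail.example.org [198.51.100.7]:40022 P=esmtps S=2048 T="Invoice" for info@example.com
EOF
}

# spam_sources LOGFILE SUBJECT [SUBJECT...]   (hypothetical helper)
# Prints "count<TAB>kind<TAB>identity<TAB>ip", busiest source first.
#   kind=auth  : remote login, identity is the mailbox used to authenticate
#   kind=local : submitted on the server, identity is the system user
spam_sources() {
  log=$1; shift
  SUBJECTS=$(printf '%s\n' "$@") awk '
    BEGIN { n = split(ENVIRON["SUBJECTS"], s, "\n")
            for (i = 1; i <= n; i++) want[s[i]] = 1 }
    $4 != "<=" { next }                        # arrival lines only
    {
      if (!match($0, / T="[^"]*"/)) next       # subject must be logged
      subj = substr($0, RSTART + 4, RLENGTH - 5)
      if (!(subj in want)) next
      kind = "other"; who = $5; ip = "-"
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^T=/) break                  # do not parse subject text
        if ($i ~ /^A=/) { kind = "auth"; who = $i; sub(/^A=[^:]*:/, "", who) }
        else if ($i ~ /^U=/ && kind != "auth") { kind = "local"; who = substr($i, 3) }
        else if ($i ~ /^\[.*\](:[0-9]+)?$/) { ip = $i; sub(/^\[/, "", ip); sub(/\].*/, "", ip) }
      }
      seen[kind "\t" who "\t" ip]++
    }
    END { for (k in seen) printf "%d\t%s\n", seen[k], k }
  ' "$log" | sort -rn
}

# Demo on the constructed sample; on the server pass /var/log/exim_mainlog.
demo=$(mktemp) && sample_log > "$demo"
spam_sources "$demo" "SUP" "Good Morning" "Good Evening"
rm -f "$demo"
```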