The Community Forums

Interact with an entire community of cPanel & WHM users!

How to identify the source of spam mails

Discussion in 'E-mail Discussions' started by sparktino, Mar 27, 2013.

  1. sparktino

    Hello,

    One of the email accounts of our domain has been used to send spam mails. How can we identify the source from which these spam mails are being sent? I would like to know whether it is through the website itself, by injecting some malicious code, or through an email client. Is it possible to identify the source from the exim logs?

    Code:
    =================
    
    2013-03-27 04:03:01 1UKlJz-0003Ba-Er <= "username"@"domainname" H=("domainname") [xx.xxx.xxx.xxx]:58513 P=esmtpa A=dovecot_login:"username"@"domainname" S=2507 id=026EFCFA.DAD70703@"domainname" T="Don't lack boners with these risk-free drugs. Door-to-door shipping!" for invac-med-f_432@eyekiller.net dpereira@ez-2-sell.net jstretch@f2s.com enkins@f5.com
    
    =================
    Regards
    Tino
     
  2. ThinIce

    Code:
    A=dovecot_login:"username"@"domainname"
    From a glance at what you've provided, it appears to be via a login to that mailbox.
     
  3. quietFinn

    And the IP they connect from you see in this:

     
  4. sparktino

    Hi,

    Thanks guys for the reply.

    Yes, it looks like somebody hacked the password for this particular email account. I had to change the password for the account.
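
The reading of the log line discussed in this thread (an `A=` field means an authenticated mailbox login, and the bracketed address is the connecting IP), written as a small parser. This is an added example, not part of the original posts or of exim/cPanel. It goes one step beyond the thread by also recognising `U=<user> P=local`, which is how exim logs mail handed over by a process on the server itself; the sample lines, addresses and function names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in exim mainlog format (not taken from the thread).
SAMPLE_LOG = """\
2013-03-27 04:03:01 1UKlJz-0003Ba-Er <= info@example.com H=(example.com) [203.0.113.7]:58513 P=esmtpa A=dovecot_login:info@example.com S=2507 T="offer" for a@example.net b@example.org
2013-03-27 04:03:09 1UKlK7-0003Bc-Aa <= info@example.com H=(example.com) [203.0.113.7]:58514 P=esmtpa A=dovecot_login:info@example.com S=2511 T="offer" for c@example.net
2013-03-27 04:05:40 1UKlMa-0003Cd-Bb <= webuser@host.example.com U=webuser P=local S=901 T="contact form" for d@example.org
2013-03-27 04:06:02 1UKlMw-0003Ce-Cc => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.9]
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<msgid>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
# The subject is sender-controlled: drop it first so text inside it cannot
# pose as A=, U= or [ip] fields. Assumes exim backslash-escapes inner quotes.
SUBJECT = re.compile(r'(?:^|\s)T="(?:[^"\\]|\\.)*"')
# Real fields start after whitespace; the HELO name inside H=(...) is also
# sender-controlled and may itself look like "[1.2.3.4]".
AUTH = re.compile(r"(?:^|\s)A=(?P<method>[^\s:]+):(?P<user>\S+)")
LOCAL = re.compile(r"(?:^|\s)U=(?P<user>\S+).*\sP=local(?:\s|$)")
HOST_IP = re.compile(r"(?:^|\s)\[(?P<ip>[0-9A-Fa-f:.]+)\]")


def classify(line):
    """Return how one '<=' (message arrival) line entered exim, or None."""
    m = ARRIVAL.match(line)
    if not m:
        return None  # deliveries (=>), rejections and other line types
    rest = SUBJECT.sub("", m["rest"])
    auth, local, ip = AUTH.search(rest), LOCAL.search(rest), HOST_IP.search(rest)
    if auth:      # someone logged in with the mailbox credentials
        path, who = "smtp-auth", auth["user"]
    elif local:   # submitted by a process running on the server
        path, who = "local", local["user"]
    else:
        path, who = "smtp-unauthenticated", None
    rcpts = len(rest.partition(" for ")[2].split())
    return {"path": path, "who": who, "ip": ip["ip"] if ip else None, "recipients": rcpts}


def summarize(log_text):
    """Total recipients per (path, identity, source IP)."""
    totals = Counter()
    for line in log_text.splitlines():
        rec = classify(line)
        if rec:
            totals[(rec["path"], rec["who"], rec["ip"])] += rec["recipients"]
    return totals

print(summarize(SAMPLE_LOG).most_common())
```

A large recipient total under one `smtp-auth` identity and IP points to a compromised mailbox password, as in this thread; a large total under `local` points to a script or cron job running as that system user.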
     