Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to identify the source of spam mails

Discussion in 'E-mail Discussion' started by sparktino, Mar 27, 2013.

  1. sparktino

    sparktino Member

    Joined:
    May 10, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    One of the email accounts of our domain has been used to send spam mails. How we can identify the source from which these spam mails are being sent. I would like to know whether it is through the website itself by injecting some malicious codes or it through an email client. Is it possible to identify the source from exim logs?

    Code:
    =================
    
    2013-03-27 04:03:01 1UKlJz-0003Ba-Er <= "username"@"domainname" H=("domainname") [xx.xxx.xxx.xxx]:58513 P=esmtpa A=dovecot_login:"username"@"domainname" S=2507 id=026EFCFA.DAD70703@"domainname" T="Don't lack boners with these risk-free drugs. Door-to-door shipping!" for invac-med-f_432@eyekiller.net dpereira@ez-2-sell.net jstretch@f2s.com enkins@f5.com
    
    =================
    Regards
    Tino
     
  2. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    352
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    Code:
    A=dovecot_login:"username"@"domainname"
    From a glance at what you've provided it appears to be via a login to that mailbox
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    And the IP they connect from you see in this:

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. sparktino

    sparktino Member

    Joined:
    May 10, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    51
    Hi,

    Thanks guys for the reply.

    Yes, it looks like somebody hacked the password for this particular email account. I had to change the password for the account.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice