How to tell if Someone's Sending SPAM?

Discussion in 'E-mail Discussion' started by MegaMan2, Nov 3, 2007.

  1. MegaMan2

    MegaMan2 Member

    Sep 28, 2003
    I'm the only person using my server. No clients or whatever. But how can I tell if someone is hacking the box and sending spam? Through a form mail program perhaps...

    I checked WHM > EMAIL > VIEW MAIL STATS but I don't know what the hell I'm looking at there.

    There are 2 of my accounts that seem to be sending out a LOT of email, but I don't know if it's normal or not. I also have a lot of emails going out as MAILNULL. So ????

    Is there some way you can monitor emails as they're being sent?

    Also.... I always get a TON of SPAMs coming in to my default address like this:

    from: <------ NOT a real address, but it comes to me anyway.

    Does this mean that someone is sending out MASS emails pretending to be me? If so, I don't think there's any way to stop it. Can I get blacklisted or marked as a spammer over that?
  2. mtindor

    mtindor Well-Known Member

    Sep 14, 2004
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Don't use a default address. Set your default address to :fail:

    If you need to accept mail for specific addresses but do not wish to have a POP3 account for each of those addresses, set up forwarders for those addresses and point them to one single POP3 account that you can check. This way you don't have a catchall (default) address set. Default addresses are an extremely bad idea. You should disable them serverwide.

    In WHM / Tweak Settings you should tell it to automatically set the default address to FAIL when it creates a new account. Then for existing accounts just log into the cPanel interface and set the default address to :fail: (follow the directions for the proper way to do that).

    Check /var/log/exim_mainlog and /var/log/exim_rejectlog, among other files. If you think somebody is logging in as a valid email user and sending mail that way, check /var/log/maillog as well for the login attempts.
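
As an added example that is not part of the original post: one way to summarize /var/log/exim_mainlog so unusual senders stand out, tallying message arrivals by local user, by authenticated SMTP login, and by the directory a script was in when it called sendmail. The sample lines are constructed, and the field layout (`U=`, `A=`, `cwd=` lines) is an assumption that depends on how Exim logging is configured on the server.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in Exim main-log style (not from the thread).
SAMPLE_LOG = """\
2007-11-03 10:15:01 cwd=/home/acct1/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
2007-11-03 10:15:01 1IoAAA-0001aB-2C <= acct1@host.example.com U=acct1 P=local S=1843
2007-11-03 10:15:02 1IoAAA-0001aB-2C => someone@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2007-11-03 10:15:04 cwd=/home/acct1/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
2007-11-03 10:15:04 1IoAAB-0001aF-7D <= acct1@host.example.com U=acct1 P=local S=1851
2007-11-03 10:16:40 1IoAAC-0001bK-9E <= <> R=1IoAAB-0001aF-7D U=mailnull P=local S=2210
2007-11-03 10:20:13 1IoAAD-0001cQ-1F <= info@example.org H=(client.example.com) [198.51.100.7] P=esmtpa A=fixed_login:info@example.org S=900
2007-11-03 10:21:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (\S+)(.*)$")
CWD = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (.*)$")

def summarize(log_text):
    """Tally message arrivals by local user, SMTP login and script directory."""
    out = {"user": Counter(), "auth": Counter(), "cwd": Counter(), "bounces": 0}
    for line in log_text.splitlines():
        m = CWD.match(line)
        if m:
            # Directory a process was in when it invoked sendmail (form-mail scripts).
            if "sendmail" in m.group(2):
                out["cwd"][m.group(1)] += 1
            continue
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), completions and other lines are not arrivals
        sender, rest = m.groups()
        if sender == "<>":
            out["bounces"] += 1  # null-sender bounce (U=mailnull in the sample)
            continue
        user = re.search(r" U=(\S+)", rest)
        auth = re.search(r" A=[^:\s]+:(\S+)", rest)
        if user:
            out["user"][user.group(1)] += 1
        if auth:
            out["auth"][auth.group(1)] += 1
    return out

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = summarize(text)
    for key in ("user", "auth", "cwd"):
        print(key, result[key].most_common(10))
    print("bounces", result["bounces"])
```

Run it with the log path as the only argument. A single directory under `cwd` with a high count points at the script generating the mail, and an unfamiliar entry under `auth` points at a mailbox whose password is being used.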

