The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to tell if Someone's Sending SPAM?

Discussion in 'E-mail Discussions' started by MegaMan2, Nov 3, 2007.

  1. MegaMan2

    MegaMan2 Member

    Joined:
    Sep 28, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    I'm the only person using my server. No clients or whatever. But how can I tell if someone is hacking the box and sending spam? Through a form mail program perhaps...

    I checked WHM > EMAIL > VIEW MAIL STATS but I don't know what the hell I'm looking at there.

    There are 2 of my accounts that seem to be sending out a LOT of email, but I don't know if it's normal or not. I also have a lot of emails going out as MAILNULL. So ????

    Is there some way you can monitor emails as they're being sent?



    Also.... I always get a TON of SPAMs coming in to my default address like this:

    from: ghrbhd_fnfa@mydomain.com <------ NOT a real address, but it comes to me anyway.

    Does this mean that someone is sending out MASS emails pretending to be me? If so, I don't think there's anyway to stop it. Can I get blacklisted or marked as a spammer over that?
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Don't use a default address. Set your default address to :fail:

    If you need to accept mail for specific addresses but do not wish to have a POP3 account for each of those addresses, set up forwarders for those addresses and point them to one single POP3 account that you can check. This way you don't have a catchall (default) address set. Default addresses are an extremely bad idea. You should disable them serverwide.

    In WHM / Tweak Settings you should tell it to automatically set the default address to FAIL when it creates a new account. Then for existing accounts just log into the Cpanel interface and set the default address to :fail: (follow the directions for proper way to do that).

    Check /var/log/exim_mainlog and /var/log/exim_rejectlog, among other files. If you think somebody is logging in as a valid email user and sending mail that way, check /var/log/maillog as well for the login attempts.

    Mike


     

Share This Page