Local IP sending spam emails

Discussion in 'E-mail Discussions' started by atizen, Nov 16, 2015.

  1. atizen

    atizen Registered

    I have CentOS 6.6 x86_64 kvm – avr WHM 11.52.0 (build 22)

    I am hosting 5 websites on that server; I own these websites. We send very few emails every day to our customers, and we use Outlook to send and receive emails.

    I was checking this forum to stop receiving and sending spam emails from my server. So far, receiving spam emails is almost done. But I have a problem with spam emails being sent from a local IP.

    In my WHM, when I click (Home » Email » Mail Delivery Reports), I see reports like this:

    Sender Domain (mydomain.com)
    Sender (user@domain.mydomain.com)
    Sent time (Nov 9, 2015 3:32:15 PM)
    Sender Host (localhost)
    Sender IP (127.0.0.1)
    Recipient (someone@somedomain.com)
    ID (5561Zwfdd0Y-0003OT-Kp)
    Delivery IP (someIP)/24)
    Result (Accepted)

    This is just one example I am providing. I see 5 or 10 emails like that a day in my server's Home » Email » Mail Delivery Reports.

    Here is my problem:

    1- How can I stop these emails being sent from my server?

    2- How can I access this email, user@domain.mydomain.com? I am sure I did not set up this email anywhere on my server.


    Any help will be greatly appreciated.


    Thanks,
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    You likely have a PHP script that has been compromised and it is relaying spam.
     
  3. atizen

    atizen Registered

    Any idea how to find a compromised PHP script using WHM? I don't use SSH.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You know the domain sending the emails, correct? Is the website and all scripts it uses up to date?
     
  5. atizen

    atizen Registered

    Yes, I know which domain is sending spam emails. All scripts for that website are up to date; on the server side I have EasyApache3. Other than that, all updates are OK. I did almost everything mentioned in this forum: Exim configurations, tweak settings, etc. But still this user user@domain.mydomain.com is sending spam emails, 10 - 20 a day.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Not server scripts, the website itself. For instance, is it a WordPress site? If yes, does it have any WordPress addons installed, and is the style up to date?

    The "email address" you mention is not an email address. It's "your user @ your server" that's sending email.
     
  7. atizen

    atizen Registered


    Hi Infopro,

    This is not a WP website, and I am doing updates and virus scans regularly on that website. We use Outlook. Do you think one of the computers using Outlook is infected? Is there a possibility like this? Also, I have only Roundcube working on my server for webmail, but we don't use it.

    Thanks again for your time. :)
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    WordPress was an example of course, I've got no clue what your website is made of, you don't mention anything about it.

    You might try this site for scanning your website and see if it alerts you to anything:
    Sucuri Security

    Sending email from Outlook would be sending email as the email account, set up in Outlook, not the cPanel user. As seems to be the case for you here.

    I'm with Dalem on this one, you should take a closer look at your account. Or, hire a professional to assist you.
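
The distinction drawn in the replies above (mail handed to Exim locally by the cPanel user versus mail sent by a mail client logged in as a mailbox) can be read out of the Exim main log. The following is an added example, not part of the thread: the log lines are constructed, and it assumes standard Exim arrival (`<=`) lines and that `cwd=` argument lines are being logged (on a cPanel server the file is /var/log/exim_mainlog).

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2015-11-09 15:32:14 cwd=/home/user/public_html/old/cache 3 args: /usr/sbin/sendmail -t -i
2015-11-09 15:32:15 1Zvq0Y-0003OT-Kp <= user@host.example.com U=user P=local S=1843
2015-11-09 15:32:16 1Zvq0Y-0003OT-Kp => someone@somedomain.example R=lookuphost T=remote_smtp
2015-11-09 15:40:02 cwd=/home/user/public_html/old/cache 3 args: /usr/sbin/sendmail -t -i
2015-11-09 15:40:02 1Zvq7W-0003Pa-2b <= user@host.example.com U=user P=local S=1790
2015-11-09 16:05:41 cwd=/home/user/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2015-11-09 16:05:41 1ZvqWL-0003Qx-9c <= user@host.example.com U=user P=local S=902
2015-11-09 16:10:09 1ZvqaF-0003RB-Lm <= sales@example.com H=(DESKTOP) [203.0.113.5]:51234 P=esmtpsa A=dovecot_login:sales@example.com S=2311
2015-11-09 16:15:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
"""

CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (.*)$")
ARRIVAL_RE = re.compile(r"^\S+ \S+ \S+ <= \S+ (.*)$")

def summarize(log_text):
    """Count arrivals by submission path and sendmail calls by directory."""
    local_by_user, smtp_by_login, sendmail_dirs = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        if m:
            # Only sendmail invocations matter; skip queue runners etc.
            if "sendmail" in m.group(2):
                sendmail_dirs[m.group(1)] += 1
            continue
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        fields = dict(t.split("=", 1) for t in m.group(1).split() if "=" in t)
        if fields.get("P") == "local":
            # Handed to Exim on the box by a system user (e.g. PHP mail()).
            local_by_user[fields.get("U", "?")] += 1
        elif "A" in fields:
            # Authenticated SMTP, e.g. a mail client logging in as a mailbox.
            smtp_by_login[fields["A"].split(":", 1)[-1]] += 1
    return local_by_user, smtp_by_login, sendmail_dirs

if __name__ == "__main__":
    local, smtp, dirs = summarize(SAMPLE_LOG)
    print("local submissions by user:", dict(local))
    print("authenticated SMTP by login:", dict(smtp))
    for path, n in dirs.most_common():
        print(f"{n:4d} sendmail calls from {path}")
```

The directories with the most sendmail calls are the first places to review for unfamiliar or recently modified PHP files.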
     