Hello
I recommend investigating the source of the abusive emails. Look through the mail headers to see if you can determine where they originate so you can take appropriate action.
Note: Please ensure you attach images directly instead of linking to external image hosting websites.
Thank you.
Hello,
Need to check mail headers, there you can see more information about the source.
Following commands will help you to find the spammer.
#exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" | sort | uniq -c | sort -n
#awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
#ps -C exim -fH ewww | grep home
Thanks,
Dear Michael and Hostripples, thanks for the respons.
Temporary the problem are solved even though keep sending email from non existing user (Spamming activity) until now but get blocked after set OFF on exim this two:
Trust X-PHP-Script headers to determine the sender of email messages sent from processes running as nobody
Query Apache server status to determine the sender of email messages sent from processes running as nobody
Capture attached before/after.
For Hostripples,
Hereis the results from your scripts:
-bash-3.2# exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" | sort | uni q -c | sort -n
-bash-3.2# awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mai nlog | sort | uniq -c | sort -nk 1
2 cwd=/home/userdirectory/public_html
3 cwd=/home/userdirectory/public_html/cgi-bin
216 cwd=/home/userdirectory/public_html
93941 cwd=/home/userdirectory/public_html/libraries/joomla/github
-bash-3.2# ps -C exim -fH ewww | grep home
Any thought for the result?