The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Massive Spam Problem.

Discussion in 'E-mail Discussions' started by sylar2013, Mar 29, 2013.

  1. sylar2013

    sylar2013 Registered

    Joined:
    Mar 29, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Everyone.. I'm new to the forum.. hope I can get some help here.

    I checked my cloud server today and discovered a massive spam/security issue. I'm currently running Cpanel WHM 11.360(Build 18).

    1. The problem: thousands and thousands of outgoing spam emails from my domain.
    2. All outgoing emails are from fictitious senders from my domain..
    Example: selma_stewart@mydomain.com, erika@mydomain.com, jerry@mydomain.com (there are more then i can count!)
    3. None of the above email accounts are email accounts that i setup. They are all made up!
    4. All Emails are being since from the cpanel username(the admin account).

    I viewed one of the emails in the mail que manager then i clicked on Show Control Data and here's what it revealed:

    admin90 502 500
    <jamie_clarke@mydomain.com>
    1364589255 0
    -ident admin90
    -received_protocol local
    -body_linecount 7
    -max_received_linelength 294
    -auth_id admin90
    -auth_sender admin90@server.mydomain.com
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -deliver_firsttime
    -local
    -sender_set_untrusted
    XX
    1

    -------------------------------------------

    It appears all these spam emails are being sent with the admin account.

    I changed the admin password.. then I deleted all emails that were in the Mail Que but more keep going out. I can't stop it!

    How do I fix this? Any help would be greatly appreciated.
     
  2. MerseyWD

    MerseyWD Registered

    Joined:
    Apr 22, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi there, I too am facing the same issues and would like to know a solution. Could anyone with the appropriate knowledge please respond?
     
  3. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    You need to enable detailed logging in exim config file. It seems some script is sending emails. Once detailed logging is enabled, use the following command to trace the exact location of script.

    Detailed steps are available at the following url.

    /http://linuxadministrator.pro/blog/?p=139
    Tracing a Spammer in Exim | .:Welcome to Linux Administrator.Pro:. | .:Welcome to Linux Administrator.Pro:.

    Thanks!
     
  4. bluepine

    bluepine Active Member

    Joined:
    Dec 17, 2001
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    I am having the same issue as well, it started 3/4 days ago. As far as I can tell it's not connected to any script, sending out email (also because they seem to generate from a high amount of different domains on the same server, all belonging to different customers).
     
Loading...

Share This Page