Message Delivery Failure - Mail Delivery System

brand_land

One of the email accounts in my VPS has been receiving these emails, with emails that he hasn't mailed. Does that mean that the server has been exploited? If so, how can I figure it out? And if not, how do I find out what's causing it?
Thank you
 

cPanelLauren

Hello @brand_land

It can mean that, but it can also mean legitimate mail you're sending is being rejected. You'd need to identify whether or not the mail was something legitimate or something you didn't send. You may want to work with your provider to get more information on the bouncebacks you're receiving as well.
 

brand_land

No, no one sent them from the email address in question. What should I do to find out how they are being sent and whether my VPS is exploited or not?

Thank you
 

cPanelLauren

Since I'll assume you don't have root access to the server, and since you're indicating that the email address in question isn't sending those, I'll assume that this is most likely a password compromise (if all the bouncebacks are originating from the same email account and the email account exists on your server).

In that case, you'd need to just change the password. If you're able to view the headers of the originally sent message, it might be helpful as well. You may be able to find one by using the interface at WHM>>Email>>Mail Delivery Reports or, if you don't have access to that, the one within cPanel>>Email>>Track Delivery will work as well.
 

brand_land

I found some mails, but the header is empty. It shows like this:
<>
Is this normal?
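
Added example, not part of the thread or of cPanel's tooling: one way to pull the original message's headers out of a saved bounce and check whether that message ever passed through your own server. The sample bounce, the host names and the function names are constructed for illustration, and it assumes the bounce is a MIME `multipart/report` whose `Return-Path` header records the envelope sender.

```python
import email
from email import policy

# Constructed sample bounce; every host and address here is a placeholder.
SAMPLE_BOUNCE = """\
Return-Path: <>
From: Mail Delivery System <Mailer-Daemon@mx.remote.example>
To: user@example.com
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@remote.example failed permanently.

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO pc.isp.example) (203.0.113.7)
 by mx.remote.example with SMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: user@example.com
Subject: Invoice

--b1--
"""

def original_headers(bounce):
    """Return the headers of the message that bounced, or None if absent."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only its headers attached
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(raw_bounce, my_hosts):
    """my_hosts: hostnames/IPs of your own server (assumed known to you)."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    orig = original_headers(bounce)
    received = [str(h).lower() for h in orig.get_all("Received", [])] if orig else []
    return {
        # "<>" is the null envelope sender that bounce messages are sent with
        "null_sender": (bounce["Return-Path"] or "").strip() == "<>",
        "original_from": str(orig["From"]) if orig else None,
        # True if any hop in the original's Received chain names your server
        "seen_by_my_server": any(h.lower() in r for r in received for h in my_hosts),
    }
```

Calling `triage(SAMPLE_BOUNCE, ["vps.example.com"])` reports `seen_by_my_server` as `False`, meaning the original was submitted elsewhere with the address forged; `True` means a hop on your server handled it, which is the case where the account's credentials need attention.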