- Apr 30, 2012
- cPanel Access Level
- Root Administrator
Go to SSH and type in
last -n 20
Check for any suspicious IP which is not yours.
Your root login seems to have been compromised.
I've had this problem for about 2 weeks, so I found a suspicious login and changed the root password, and now SSH access is via a public/private key pair.
For the header of a spam message, see here:
exim -Mvh 1SQGKw-0005oh-5p
root 0 0
-auth_sender [email protected]
186P Received: from root by server.oratelecom.pt with local (Exim 4.77)
(envelope-from <[email protected]>)
for [email protected]; Fri, 04 May 2012 12:06:10 +0100
056F From: Charlotte Bryd <[email protected]>
019T To: [email protected]
059 Subject: Charlotte Bryd ADDED YOU to her Private Wish List
018 MIME-Version: 1.0
080 Content-Type: multipart/related;
053I Message-Id: <[email protected]>
038 Date: Fri, 04 May 2012 12:06:10 +0100
That should give some clues.
Received: from mailserver.localhost.com (server.serverxxxxxx.com [67.xxx.xxx.xxx])
 by mtain-dd03.r1000.mx.aol.com (Internet Inbound) with ESMTP id 81E8F38000082
 for <[email protected]>; Thu, 27 Sep 2012 23:45:39 -0400 (EDT)
Received: by mailserver.localhost.com (PowerMTA(TM) v3.5r16) id hckem80mnfg7
 for <[email protected]>; Fri, 28 Sep 2012 07:45:05 +0400 (envelope-from <[email protected]>)
From: Eleanor Burgin <[email protected]>
To: [email protected]
Subject: Eleanor Burgin SENT YOU A FRIEND REQUEST
MIME-Version: 1.0
Content-Type: multipart/related; boundary="=_822c18d796aa27f13b60b361143309c8"
x-aol-global-disposition: S
X-AOL-VSS-INFO: 5400.1158/84282
X-AOL-VSS-CODE: clean
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1d408f50651d636ad8
X-AOL-IP: 188.8.131.52
X-AOL-SPF: domain : eleanor-burgin.us SPF : none
(multipart/related)
(multipart/alternative)
MIME element (text/plain)
Message from Eleanor Burgin: Hi dear, mind me adding you to friends? ;) Here is my chatbox: - link removed -
This should solve your problems.
Our server was use this article "How to: Prevent Email Abuse". This should solve your problems.
Go to the mail queue and check which id is sending them out.
Copy paste the log for any mail here.
1TKjnf-0007S7-A7-H
mailnull 47 12
<>
1349589195 0
-ident mailnull
-received_protocol local
-body_linecount 27
-max_received_linelength 379
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1349589196
-localerror
XX
1
v[email protected]
159P Received: from mailnull by bh.nefusion.com with local (Exim 4.80)
 id 1TKjnf-0007S7-A7
 for [email protected]; Sun, 07 Oct 2012 13:53:15 +0800
040 X-Failed-Recipients: [email protected]
029 Auto-Submitted: auto-replied
059F From: Mail Delivery System <[email protected]>
038T To: [email protected]
059 Subject: Mail delivery failed: returning message to sender
048I Message-Id: <[email protected]>
038 Date: Sun, 07 Oct 2012 13:53:15 +0800
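Added example, not written by any poster in this thread: a small Python triage of the envelope section that `exim -Mvh <id>` prints, to tell a message queued locally by root (as in the first header above) from a frozen bounce (as in the last one). The two samples are constructed with placeholder IDs and addresses, the tag names are made up for this sketch, and the parser assumes Exim's standard spool "-H" layout.

```python
# Constructed samples in Exim's spool "-H" layout (what `exim -Mvh <id>` prints).
# IDs, hosts and addresses are placeholders, not values from this thread.
ROOT_MSG = """1AbCdE-000001-AA-H
root 0 0
<root@server.example.test>
1336129570 0
-received_protocol local
-auth_sender root@server.example.test
XX
1
victim@example.net
"""
BOUNCE_MSG = """1XyZaB-000002-BB-H
mailnull 47 12
<>
1349589195 0
-received_protocol local
-frozen 1349589196
XX
1
user@example.org
"""

def parse_spool_header(text):
    """Parse the envelope part: id, submitting user/uid, sender, options, recipients."""
    lines = text.splitlines()
    user, uid, _gid = lines[1].split()
    info = {"id": lines[0].rsplit("-H", 1)[0], "user": user, "uid": int(uid),
            "sender": lines[2].strip("<>"), "options": {}}
    i = 4                                     # index 3 holds "<received time> <warning count>"
    while i < len(lines) and lines[i].startswith("-"):
        key, _, value = lines[i][1:].partition(" ")
        info["options"][key] = value
        i += 1
    while not lines[i].isdigit():             # skip the non-recipients tree ("XX" when empty)
        i += 1
    info["recipients"] = lines[i + 1:i + 1 + int(lines[i])]
    return info

def triage(info):
    """Return tags describing how the message entered the queue."""
    opts = info["options"]
    checks = [("local-submission", opts.get("received_protocol") == "local"),  # not via SMTP
              ("root-origin", info["uid"] == 0),       # queued by a process running as root
              ("bounce", info["sender"] == ""),        # null sender: delivery report, not the spam
              ("frozen", "frozen" in opts)]            # delivery attempts are suspended
    return [tag for tag, hit in checks if hit]

for msg in (ROOT_MSG, BOUNCE_MSG):
    print(parse_spool_header(msg)["id"], triage(parse_spool_header(msg)))
```

A message tagged both local-submission and root-origin points at a process or login on the server itself rather than an SMTP relay, which is why the `last -n 20` check on root logins is the matching next step.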