The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

nullamil is sending spam, How do I stop it?

Discussion in 'General Discussion' started by Chriz1977, Oct 17, 2006.

  1. Chriz1977

    Chriz1977 Well-Known Member

    Joined:
    Sep 18, 2006
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    Im often getting reports like this

    Im sure its due to someone using a bulk mail script and i dont like it. Is there any way of finding the user who is doing it?

    Cheers
    Chriz
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Yes that can be tracked quite easily but the bigger question is
    how much resources do you have to begin with?

    In example, if you are running off of a VPS you could be getting exhausted
    resources even when nothing is actually running especially if the server owner
    is running too many VPS servers per physical machine.

    The same goes for dedicated servers with too many sites installed or too
    many people using email at the same time.

    The point I am making is that you can't assume the problem is spam
    until you have actually confirmed it to be such.

    The first step though is to login to your server via SSH as root and take
    a good hard look at your mail log files:

    /var/log/exim_mainlog
    /var/log/maillog

    If you don't have Exim extended logging turned on and / or not using
    phpSuExec or SuPHP, you can still track messages listed if you see a big
    surge of messages at a particular time in the logs and grep the site
    logs at /etc/httpd/domlogs for the same time period. Chances are
    that any script exploits will show up that way.

    In addition to reviewing the logs in SSH, you will also want to look at
    your "Mail Queue Manager" and "View Relayers" in WHM.

    If it does actually look like your server is indeed being used for spam,
    there are ways to clamp down on that but you need to identify the real
    problem first before going off making leaps based on assumption.
     
  3. Chriz1977

    Chriz1977 Well-Known Member

    Joined:
    Sep 18, 2006
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    What exactly am i looking for in the logs? areas where the same address is sending a lot of mail?

    Chriz
     
  4. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    Act Fast on such Issues

    hi,
    i woudl encourage you to contact your server provider or HIRE a system admin who can solve the issue ASAP, as delaying a SPAM originating issue can let you or your other client suffer damages from this.

    see ya,
    mohit
     
Loading...

Share This Page