Yes that can be tracked quite easily but the bigger question is
how much resources do you have to begin with?
In example, if you are running off of a VPS you could be getting exhausted
resources even when nothing is actually running especially if the server owner
is running too many VPS servers per physical machine.
The same goes for dedicated servers with too many sites installed or too
many people using email at the same time.
The point I am making is that you can't assume the problem is spam
until you have actually confirmed it to be such.
The first step though is to login to your server via SSH as root and take
a good hard look at your mail log files:
/var/log/exim_mainlog
/var/log/maillog
If you don't have Exim extended logging turned on and / or not using
phpSuExec or SuPHP, you can still track messages listed if you see a big
surge of messages at a particular time in the logs and grep the site
logs at /etc/httpd/domlogs for the same time period. Chances are
that any script exploits will show up that way.
In addition to reviewing the logs in SSH, you will also want to look at
your "Mail Queue Manager" and "View Relayers" in WHM.
If it does actually look like your server is indeed being used for spam,
there are ways to clamp down on that but you need to identify the real
problem first before going off making leaps based on assumption.
how much resources do you have to begin with?
In example, if you are running off of a VPS you could be getting exhausted
resources even when nothing is actually running especially if the server owner
is running too many VPS servers per physical machine.
The same goes for dedicated servers with too many sites installed or too
many people using email at the same time.
The point I am making is that you can't assume the problem is spam
until you have actually confirmed it to be such.
The first step though is to login to your server via SSH as root and take
a good hard look at your mail log files:
/var/log/exim_mainlog
/var/log/maillog
If you don't have Exim extended logging turned on and / or not using
phpSuExec or SuPHP, you can still track messages listed if you see a big
surge of messages at a particular time in the logs and grep the site
logs at /etc/httpd/domlogs for the same time period. Chances are
that any script exploits will show up that way.
In addition to reviewing the logs in SSH, you will also want to look at
your "Mail Queue Manager" and "View Relayers" in WHM.
If it does actually look like your server is indeed being used for spam,
there are ways to clamp down on that but you need to identify the real
problem first before going off making leaps based on assumption.
Act Fast on such Issues
hi,
i woudl encourage you to contact your server provider or HIRE a system admin who can solve the issue ASAP, as delaying a SPAM originating issue can let you or your other client suffer damages from this.
see ya,
mohit
hi,
i woudl encourage you to contact your server provider or HIRE a system admin who can solve the issue ASAP, as delaying a SPAM originating issue can let you or your other client suffer damages from this.
see ya,
mohit
