The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Queue very huge - Spamming?

Discussion in 'E-mail Discussions' started by aarango, Dec 5, 2013.

  1. aarango

    aarango Member
    PartnerNOC

    Joined:
    Dec 4, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello

    From some days ago, in my queue (exim) I see a lot ofs email from accounts google to our accounts but using names of one domain inside my server (returned emails). I means:


    Code:
    #exim -Mvl 1VoYIi-000PnS-5L
    2013-12-05 12:45:05 Received from <> R=1VoYIh-000PnE-TG U=mailnull P=local S=2881 T="Mail delivery failed: returning message to sender"
    2013-12-05 12:45:09 SMTP error from remote mail server after RCPT TO:<nonaxp@google.com>: host aspmx.l.google.com [173.194.78.26]: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 bo12si1008868wib.66 - gsmtp
    2013-12-05 12:45:09 nonaxp@google.com R=dkim_lookuphost T=dkim_remote_smtp: SMTP error from remote mail server after RCPT TO:<nonaxp@google.com>: host aspmx.l.google.com [173.194.78.26]: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 bo12si1008868wib.66 - gsmtp
    *** Frozen (delivery error message)
    
    #exim -Mvb 1VoYIi-000PnS-5L
    Return-path: <nonaxp@google.com>
    Received: from cpe-c83a353d88c8.cpe.cableonda.net ([190.219.233.231]:26822)
    by server with esmtp (Exim 4.82)
    (envelope-from <nonaxp@google.com>)
    id 1VoYIh-000PnE-TG
    for dionne@mydomain.com; Thu, 05 Dec 2013 12:45:04 +0000
    Received: from apache by kdlqijaimrrgkdadi.bmatter.com with local (Exim 4.63)
    (envelope-from <<dionne@mydomain.com>>)
    id 9M089L-KIWFUF-ML
    for <dionne@mydomain.com>; Thu, 5 Dec 2013 07:48:37 -0500
    To: <dionne@mydomain.com>
    Subject: Job offer match, respond to apply
    Its seems that:
    An account/website/ is infected, is sending emails with for<account@mydomain.com>, after the returned emails go back account. The queue is around 1000 en 1 hour.

    I can't how I can see it because its using user=mailnull, and I dont know which user is using.

    Any help?
    Best Regards
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Try opening one of the SPAM messages in the mail queue and see if the message headers provide you with any additional information. You can enable the following option under the "Mail" tab in "WHM >> Server Configuration >> Tweak Settings":

    Code:
    Track email origin via X-Source email headers
    This may provide more information in the headers of future emails sent from the server. Also, the following document is helpful for preventing email abuse:

    cPanel - Prevent Email Abuse

    Thank you.
     
Loading...

Share This Page