The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sapamed Server

Discussion in 'General Discussion' started by lajotadj, Sep 8, 2005.

  1. lajotadj

    lajotadj Member

    Joined:
    Dec 12, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Spamed Server

    Spammed Server
    Please any one could please tell me how to stop spam, my server is sending and receiving thousands of emails, last time i have deleted 72,000 from the email queue..
    here are some stats..
    Grand total summary
    -------------------
    At least one address
    TOTAL Volume Messages Hosts Delayed Failed
    Received 69MB 20064 41 10081 50.2% 9850 49.1%
    Delivered 8138KB 134 3

    Deliveries by transport
    -----------------------
    Volume Messages
    local_delivery 32KB 1
    local_delivery_spam 99KB 14
    local_sa_delivery 42KB 14
    remote_smtp 75KB 17
    virtual_sa_userdelivery 3586KB 37
    virtual_userdelivery 4295KB 50
    virtual_userdelivery_spam 9563 1

    ------------

    and here are some of the currents proccess running any of this proccess maybe the problem?

    Pid Name Exe Cwd
    --------------------------------------------------------------------------------
    1 (init) /sbin/init /
    init
    --------------------------------------------------------------------------------
    2 (keventd) /

    --------------------------------------------------------------------------------
    3 (kapmd) /

    --------------------------------------------------------------------------------
    4 (ksoftirqd_CPU0 /
    --------------------------------------------------------------------------------
    9 (bdflush) /
    --------------------------------------------------------------------------------
    5 (kswapd) /
    --------------------------------------------------------------------------------
    6 (kscand/DMA) /
    --------------------------------------------------------------------------------
    7 (kscand/Normal) /
    --------------------------------------------------------------------------------
    8 (kscand/HighMem /
    --------------------------------------------------------------------------------
    10 (kupdated) /
    --------------------------------------------------------------------------------
    11 (mdrecoveryd) /
    --------------------------------------------------------------------------------
    17 (raid1d) /
    --------------------------------------------------------------------------------
    18 (raid1syncd) /
    --------------------------------------------------------------------------------
    19 (kjournald) /
    --------------------------------------------------------------------------------
    77 (khubd) /
    --------------------------------------------------------------------------------
    3246 (eth0) /
    --------------------------------------------------------------------------------
    3349 (syslogd) /sbin/syslogd /
    syslogd -m 0
    --------------------------------------------------------------------------------
    3353 (klogd) /sbin/klogd /
    klogd -x
    --------------------------------------------------------------------------------
    4398 (sshd) /usr/sbin/sshd /
    /usr/sbin/sshd
    --------------------------------------------------------------------------------
    4412 (xinetd) /usr/sbin/xinetd /
    xinetd -stayalive -pidfile /var/run/xinetd.pid
    --------------------------------------------------------------------------------
    4430 (chkservd) /usr/bin/perl /
    chkservd
    --------------------------------------------------------------------------------
    4487 (clamd) /usr/sbin/clamd /
    /usr/sbin/clamd
    --------------------------------------------------------------------------------
    4498 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -bd -q60m
    --------------------------------------------------------------------------------
    4502 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -tls-on-connect -bd -oX 465
    --------------------------------------------------------------------------------
    4508 (antirelayd) /usr/bin/perl /
    antirelayd


    --------------------------------------------------------------------------------
    4514 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    4539 (spamd) /usr/bin/perl /
    /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid -
    -max-children=5

    --------------------------------------------------------------------------------
    4554 (crond) /usr/sbin/crond /var/spool
    crond


    --------------------------------------------------------------------------------
    part 1
    --------------------------------------------------------------------------------
     
    #1 lajotadj, Sep 8, 2005
    Last edited: Sep 8, 2005
  2. lajotadj

    lajotadj Member

    Joined:
    Dec 12, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    part 2

    4563 (mysqld_safe) /bin/bash /
    /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-
    file=/var/lib/mysql/nahuel.servermas.com.pid

    --------------------------------------------------------------------------------
    4647 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4699 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4700 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4701 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4702 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4703 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4706 (spamd) /usr/bin/perl /
    spamd child


    --------------------------------------------------------------------------------
    4707 (spamd) /usr/bin/perl /
    spamd child


    --------------------------------------------------------------------------------
    4708 (spamd) /usr/bin/perl /
    spamd child


    --------------------------------------------------------------------------------
    4709 (spamd) /usr/bin/perl /
    spamd child


    --------------------------------------------------------------------------------
    4710 (spamd) /usr/bin/perl /
    spamd child


    --------------------------------------------------------------------------------
    4711 (cpanellogd) /usr/bin/perl /
    cpanellogd - sleeping for logs


    --------------------------------------------------------------------------------
    4728 (entropychat) /usr/bin/perl /
    entropychat


    --------------------------------------------------------------------------------
    4733 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4734 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4735 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4736 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    4751 (stunnel-4.04lo /usr/bin/stunnel-4.04local /usr/local/cpanel/var/run/st
    /usr/bin/stunnel-4.04local
    /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run

    --------------------------------------------------------------------------------
    4780 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/base
    cpsrvd - waiting for connections


     
  3. lajotadj

    lajotadj Member

    Joined:
    Dec 12, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    and part 3

    --------------------------------------------------------------------------------
    4840 (pure-ftpd) /usr/sbin/pure-ftpd /
    pure-ftpd (SERVER)


    --------------------------------------------------------------------------------
    4844 (pure-authd) /usr/sbin/pure-authd /
    /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth


    --------------------------------------------------------------------------------
    4849 (rhnsd) /usr/sbin/rhnsd /
    rhnsd --interval 240


    --------------------------------------------------------------------------------
    4878 (portsentry) /usr/sbin/portsentry /
    /usr/sbin/portsentry -tcp


    --------------------------------------------------------------------------------
    4891 (login) /bin/login /
    login -- root


    --------------------------------------------------------------------------------
    4892 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty2


    --------------------------------------------------------------------------------
    4893 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty3


    --------------------------------------------------------------------------------
    4894 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty4


    --------------------------------------------------------------------------------
    4895 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty5


    --------------------------------------------------------------------------------
    4896 (mingetty) /sbin/mingetty /
    /sbin/mingetty tty6


    --------------------------------------------------------------------------------
    4961 (bash) /bin/bash /root
    -bash


    --------------------------------------------------------------------------------
    6737 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -oX 26 -bd


    --------------------------------------------------------------------------------
    7455 (eximstats) /usr/bin/perl /
    /usr/bin/perl /usr/local/cpanel/bin/eximstats


    --------------------------------------------------------------------------------
    7456 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    9770 (leechprotect) /usr/bin/perl /
    /usr/bin/perl /usr/local/cpanel/bin/leechprotect


    --------------------------------------------------------------------------------
    9771 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9772 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9773 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9774 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9775 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9809 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9810 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9811 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9858 (named) /usr/sbin/named /var/named
    /usr/sbin/named -u named


    --------------------------------------------------------------------------------
    9869 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    9872 (httpd) /usr/local/apache/bin/httpd /
    /usr/local/apache/bin/httpd -DSSL


    --------------------------------------------------------------------------------
    18746 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    18858 (mysqld) /usr/sbin/mysqld /var/lib/mysql
    /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --
    pid-file=/var/lib/mysql/nahuel.servermas.com.pid --skip-locking

    --------------------------------------------------------------------------------
    18777 (mailmanctl) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl -s
    start

    --------------------------------------------------------------------------------
    18787 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=ArchRunner:0:1 -s
    --------------------------------------------------------------------------------
    18788 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=BounceRunner:0:1 -s
    --------------------------------------------------------------------------------
    18789 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=CommandRunner:0:1 -s
    --------------------------------------------------------------------------------
    18790 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=IncomingRunner:0:1 -s
    --------------------------------------------------------------------------------
    18791 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=NewsRunner:0:1 -s
    --------------------------------------------------------------------------------
    18792 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=OutgoingRunner:0:1 -s
    --------------------------------------------------------------------------------
    18793 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=VirginRunner:0:1 -s
    --------------------------------------------------------------------------------
    18794 (python) /usr/bin/python /usr/local/cpanel/3rdparty/m
    /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --
    runner=RetryRunner:0:1 -s
    --------------------------------------------------------------------------------
    18812 (cppop) /usr/local/cpanel/bin/cppop /
    cppop - accepting on port 110
    --------------------------------------------------------------------------------
    21394 (exim) /usr/sbin/exim /var/spool/exim
    /usr/sbin/exim -bd -q60m
    --------------------------------------------------------------------------------
    21401 (cpsrvd) /usr/local/cpanel/cpsrvd /usr/local/cpanel/whostmgr/d
    whostmgrd - serving 202.1.119.14
    --------------------------------------------------------------------------------
    21402 (whostmgr) /usr/local/cpanel/whostmgr/ /usr/local/cpanel/whostmgr/d
    /usr/local/cpanel/whostmgr/bin/whostmgr ./simpleps
    --------------------------------------------------------------------------------
    21403 (simpleps) /usr/bin/perl /usr/local/cpanel/whostmgr/d
    /usr/bin/perl /scripts/simpleps
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You only need to post a single post of examples. There are probably hundreds of posts for tracking down spammers on your server in these forums and I'd suggest that you do a good search to find out the best steps to take. A good start would be to do a search for nobody spam.

    If you cannot resolve the issue yourself you really ought to hire a server admin to do so for you.
     
  5. abubin

    abubin Well-Known Member

    Joined:
    Dec 7, 2004
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    you seems to be receiving more spams than sending out. Have you turned off "catch-all"? Look for email tutorials with google and in this forum. Shouldn't be hard to find.
     
Loading...

Share This Page