Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Sending SPAM e-mails

Discussion in 'E-mail Discussion' started by wbxservicos, Sep 18, 2014.

  1. wbxservicos

    wbxservicos Registered

    Joined:
    Jul 1, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I have a Server with Linux/Cpanel, which is hosted about 55 clients (sites, e-mails, etc…), because vulnerability of these clients, some people are sending SPAM without using any e-mail account from the mail server, by the way our mail server is Exim. I would like to know how could I block this type of send e-mail in the server?
     
  2. triantech

    triantech Well-Known Member

    Joined:
    Jul 1, 2014
    Messages:
    143
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Kochi, India, India
    cPanel Access Level:
    Root Administrator
    Hey,

    It would probably have to do with invalid scripts in any of your domain which is casing this.
    You might want to check from which domain the script is coming from.

    A one-liner which would help you :

    ( try this command via SSH and see if you can locate the scripts )

    - awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,435
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    In addition to the previous reply, you may also find the following document helpful:

    Prevent Email Abuse

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. wbxservicos

    wbxservicos Registered

    Joined:
    Jul 1, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    That was the answer :

    Code:
    [13:13:09 root@default ~]# awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
          1 cwd=/home/postonb
          1 cwd=/home/servidores/public_html/wp-admin
          1 cwd=/home/shopping/public_html
          1 cwd=/home/wbxservicos/public_html
          1 cwd=/home/zzagcom/public_html
          2 cwd=/home/andreiab/public_html
          2 cwd=/home/andreiab/public_html/wp-admin
          4 cwd=/home/auditiva/public_html
          4 cwd=/home/revended
          4 cwd=/home/tagboxco
          4 cwd=/home/zzagcom
          5 cwd=/home/servidores/public_html
          6 cwd=/home/i9buscom/public_html
          6 cwd=/home/marmocom/public_html
          7 cwd=/home/balisunc/public_html/wp-admin
         13 cwd=/home/panorami
         20 cwd=/home/bwwlogcom/public_html
         33 cwd=/home/agencia110/public_html/projeto/preambulo
         44 cwd=/home/agencia110/public_html/projeto/idealsoft/ws
         70 cwd=/home/balisunc/public_html
        317 cwd=/home/webeerap
        364 cwd=/home/jujordao/public_html/wp-content/plugins/types/embedded/onthego-resources/onthegosystems-icons/css
    I would like to know what this result means ?
     
    #4 wbxservicos, Sep 18, 2014
    Last edited by a moderator: Sep 18, 2014
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,435
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    The number on the left is the number of entries for that directory /var/log/exim_mainlog, indicating the script in that directory is sending email. Check the directories with high sending numbers to ensure legitimate mail is coming from them.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. triantech

    triantech Well-Known Member

    Joined:
    Jul 1, 2014
    Messages:
    143
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Kochi, India, India
    cPanel Access Level:
    Root Administrator
    Hey,

    You might check the scripts in '/home/jujordao/public_html/wp-content/plugins/types/embedded/onthego-resources/onthegosystems-icons/css' are safe ones. vulnerable WP plugins have been causing these sorta issues for a loooong time !
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice