Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Serious SPAM Help !!

Discussion in 'General Discussion' started by PDW, Apr 18, 2006.

  1. PDW

    PDW Well-Known Member

    Joined:
    Dec 29, 2003
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    166
    I need some serious help with a SPAM issue on my server. Starting a few weeks ago the server load jumped and I saw a huge increase amount of SPAM being sent from
    the server. This is odd since I have everything isntalled and blocked properly. Running pop before smtp, phpsuex etc... I have mod_sec. installed, and I am tracking all of the emails.
    I have checked for insecure scripts....

    In fact this is on one of my own domains that I own myself.
    Relaying is closed
    and tested.
    All updated are done and running.
    APF firewall up and running as well as bfd


    I tracked the email logs and here is an example that I got today on this
    2006-04-18 05:21:10 1FVpCf-00013R-UX <= incident@s2.swat1.com U=incident P=local S=4517 T="Voce recebeu um cartao" from <incident@s2.swat1.com> for igfreit$
    2006-04-18 05:21:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1FVpCf-00013R-UX

    I have changed the "Incident" Password, that does not do anything.

    Any other suggestions?
     
    #1 PDW, Apr 18, 2006
  2. AndyReed

    AndyReed Well-Known Member PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    Track dwon the script used to send out email.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 AndyReed, Apr 18, 2006
  3. PDW

    PDW Well-Known Member

    Joined:
    Dec 29, 2003
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    166
    Its not a script. there are no scripts there in that location.
     
    #3 PDW, Apr 18, 2006
  4. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    The following might provide more information:

    grep 1FVpCf-00013R-UX /var/log/exim_mainlog

    The log line does suggest that the email was sent from within the incident but locally on the server (i.e. not from an external email client).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 chirpy, Apr 20, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Serious SPAM Help
  1. thanasis

    System is sending Spam emails

    thanasis, Mar 18, 2019 at 4:34 AM, in forum: E-mail Discussion
    Replies:
    4
    Views:
    239
    cPanelMichael
    Mar 19, 2019 at 2:27 PM
  2. rendy alexander

    Failed to start Apache SpamAssassin error

    rendy alexander, Mar 14, 2019, in forum: General Discussion
    Replies:
    1
    Views:
    191
    cPanelLauren
    Mar 14, 2019
  3. youceffk

    Server accepting emails that score above Spam Threshold Score

    youceffk, Mar 13, 2019, in forum: E-mail Discussion
    Replies:
    3
    Views:
    366
    cPanelLauren
    Mar 13, 2019
  4. pmcgilli

    In Progress [CPANEL-26179] Starting Spamd errors out with The system failed to execute the system call setrlimit

    pmcgilli, Mar 11, 2019, in forum: E-mail Discussion
    Replies:
    2
    Views:
    284
    cPanelLauren
    Mar 12, 2019
  5. FM Kappungal

    SOLVED White-list/Black-list address on SpamAssassin for entire server

    FM Kappungal, Mar 10, 2019, in forum: E-mail Discussion
    Replies:
    5
    Views:
    574
    keat63
    Mar 14, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice