SMTP Restriction, SPAM Attacks

[tmssyed]

I have recently disable "SMTP Restrictions".

Problem is that now there is various attack from spammers.

My server is sending spam email from a domain.

these users doesn't have any email accounts either in the cpanel , still they are originating from my server.

Event: success
Sender User: domain-name
Sender Domain: domain-name
Sender: [email protected] ( this user doesn't exist in mail accounts )
Sent Time: Aug 17, 2015 10:42:10 AM
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: localuser


Is the website compromised or my server ?

Please advice for protection against these act .

P.S i already have LFD

 

[24x7server]

I think your website is sending mail through php mail function. May be your account compromised and due to that your site is sending all these mails. I will suggest you please update your web scripts to latest version and delete all unwanted files from your account.

 

[cPanelMichael]

Hello

The following command can help determine which account has the most email originating from it:

awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n

The command checks /var/log/exim_mainlog for the paths of scripts in the /home directory that are sending emails, and then sorts them from highest to lowest, based on the number of emails found in the log from that path.

Thank you.