Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spam being sent from server?

Discussion in 'E-mail Discussion' started by penutz, Mar 23, 2008.

  1. penutz

    penutz Member

    Joined:
    Aug 23, 2005
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    I believe I have a user that is sending spam but I can not find the source. Her pages are all html, not using any php or cgi scripts. Not even formmail. I enabled +all in exim logging and I have an example below. I am trying to tell if that is outgoing email or incoming email?

    test-art.com is the domain of the customer. The email address chapmann@test-art.com is fake. This is putting a huge load on the server, but it is wierd. It is like the server is spamming users on its self. Can anyone understand this?

    2008-03-22 18:15:34 [31870] 1JdCvx-0008I2-TV H=dslb-084-061-015-076.pools.arcor-ip.net [84.61.15.76]:10802 I=[216.5272.8]:25 Warning: "SpamAssassin as tlively detected message as spam (134.9)"
    2008-03-22 18:15:34 [31870] 1JdCvx-0008I2-TV <= Sham-itiab@RLG.COM.AU H=dslb-084-061-015-076.pools.arcor-ip.net [84.61.15.76]:10802 I=[216.52.72.8]:25 P=esmtp S=2913 id=45A65243-0F93-8CFD-1775-C36A28E6BAA1@test-art.com T="Destiny In Your Hands" from <Sham-itiab@RLG.COM.AU> for chapmann@test-art.com
    2008-03-22 18:15:34 [31881] cwd=/var/spool/exim 3 args: /usr/local/sbin/exim -Mc 1JdCvx-0008I2-TV
    2008-03-22 18:15:34 [31881] 1JdCvx-0008I2-TV => tlively <chapmann@test-art.com> F=<Sham-itiab@RLG.COM.AU> P=<Sham-itiab@RLG.COM.AU> R=localuser_spam T=local_delivery_spam S=2995 QT=5s DT=0s
    2008-03-22 18:15:34 [31881] 1JdCvx-0008I2-TV Completed QT=5s
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Set the default address to :fail: that should help here I think.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice