The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam being sent from server?

Discussion in 'E-mail Discussions' started by penutz, Mar 23, 2008.

  1. penutz

    penutz Member

    Joined:
    Aug 23, 2005
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I believe I have a user that is sending spam but I can not find the source. Her pages are all html, not using any php or cgi scripts. Not even formmail. I enabled +all in exim logging and I have an example below. I am trying to tell if that is outgoing email or incoming email?

    test-art.com is the domain of the customer. The email address chapmann@test-art.com is fake. This is putting a huge load on the server, but it is wierd. It is like the server is spamming users on its self. Can anyone understand this?

    2008-03-22 18:15:34 [31870] 1JdCvx-0008I2-TV H=dslb-084-061-015-076.pools.arcor-ip.net [84.61.15.76]:10802 I=[216.5272.8]:25 Warning: "SpamAssassin as tlively detected message as spam (134.9)"
    2008-03-22 18:15:34 [31870] 1JdCvx-0008I2-TV <= Sham-itiab@RLG.COM.AU H=dslb-084-061-015-076.pools.arcor-ip.net [84.61.15.76]:10802 I=[216.52.72.8]:25 P=esmtp S=2913 id=45A65243-0F93-8CFD-1775-C36A28E6BAA1@test-art.com T="Destiny In Your Hands" from <Sham-itiab@RLG.COM.AU> for chapmann@test-art.com
    2008-03-22 18:15:34 [31881] cwd=/var/spool/exim 3 args: /usr/local/sbin/exim -Mc 1JdCvx-0008I2-TV
    2008-03-22 18:15:34 [31881] 1JdCvx-0008I2-TV => tlively <chapmann@test-art.com> F=<Sham-itiab@RLG.COM.AU> P=<Sham-itiab@RLG.COM.AU> R=localuser_spam T=local_delivery_spam S=2995 QT=5s DT=0s
    2008-03-22 18:15:34 [31881] 1JdCvx-0008I2-TV Completed QT=5s
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Set the default address to :fail: that should help here I think.
     
Loading...

Share This Page