SPAM Email getting sent through default email (I think)

mlong2001

Member
Feb 22, 2015
6
0
51
cPanel Access Level
Root Administrator
I have a site where I am fighting some SPAM emails being sent through our server. These are clearly SPAM emails; you can see that in the attached image. I need to get them stopped, but what I have tried so far has not worked completely. They have, however, slowed down slightly but not completely.

There are no emails on the cPanel account other than the default email that I cannot turn off.

This is what I have done ...
Changed the password on the cPanel account, which in turn changes the password on the default email account.
Made sure nobody sending emails is turned on
Made sure SMTP restriction is turned on

What else is there to do? Or what should I add to my list?
 


cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,558
2,610
363
cPanel Access Level
Root Administrator
Hey there! Your best option would be to look through the Exim logs as outlined here:


Since your issue has already happened, you can likely just skip down to the large command of

Code:
awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
to parse the Exim log and see where messages are coming from. Here is an example from my personal server, although I don't have much mail activity:

Code:
# awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
508 cwd=/etc/csf
81 cwd=/var/spool/exim
That would at least tell you the directories that are sending email.
 

cPRex

Knowing the account is only half the battle. Those logs would show the exact directory the mail is being sent from, which should help you find the location of the script that is sending the message, if it is an automated script.
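
Added example, not part of the thread or of cPanel's documentation: a variant of the awk command above that also records which program was invoked from each directory and when it was first and last seen, so the busiest directory can be matched against file and web-log timestamps. The function name `cwd_senders`, its optional path prefix and the sample log lines are constructed for illustration; it assumes the same log layout as the thread's command (`cwd=` in field 3, followed by an argument count and `args:`).

```shell
#!/bin/sh
# cwd_senders LOGFILE [PREFIX]
# Prints "COUNT DIRECTORY PROGRAM first=STAMP last=STAMP", busiest first.
# LOGFILE may be "-" for stdin. PREFIX limits the report to directories
# under that path (default "/" = everything).
# Limitation shared with the original one-liner: paths containing spaces
# are split by awk and will be reported incorrectly.
cwd_senders() {
    awk -v prefix="${2:-/}" '
        $3 ~ /^cwd=/ && $5 == "args:" {
            dir = substr($3, 5)                 # strip the leading "cwd="
            if (index(dir, prefix) != 1) next   # keep only paths under PREFIX
            key = dir " " $6                    # directory + invoked program
            count[key]++
            stamp = $1 "T" $2
            if (!(key in first)) first[key] = stamp
            last[key] = stamp
        }
        END {
            for (key in count)
                printf "%d %s first=%s last=%s\n", count[key], key, first[key], last[key]
        }' "${1:--}" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (hypothetical account "exampleuser").
sample_log() {
    cat <<'EOF'
2015-02-22 10:00:01 cwd=/home/exampleuser/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2015-02-22 10:00:07 cwd=/home/exampleuser/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2015-02-22 10:01:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2015-02-22 10:02:13 cwd=/home/exampleuser 4 args: /usr/sbin/sendmail -t -i -fuser@example.com
2015-02-22 10:03:30 1YPabc-0001Xy-2B <= exampleuser@host.example.com U=exampleuser P=local S=1024
2015-02-22 10:05:44 cwd=/home/exampleuser/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
EOF
}

# Demo on the constructed sample; on a server: cwd_senders /var/log/exim_mainlog /home/
sample_log | cwd_senders - /home/
```

The first/last timestamps give a window to compare against the modification times of files in the reported directory and against the site's web access log.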
 

mlong2001

So when I run that, it gives me just the directory of the account ... not a subdirectory to go look in a folder for files / code that is sending an email. Is there another command to drill down into that?