Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spam emails are generating from account

Discussion in 'E-mail Discussion' started by Arun Seby, Apr 7, 2019.

  1. Arun Seby

    Arun Seby Member

    Joined:
    Apr 7, 2019
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    kerala
    cPanel Access Level:
    Root Administrator
    Hi,

    After migrating to WHM server one of the account is spending spam emails. I have tried to find the spam originating script but was no luck. I have tried global filter option in cPanel but I guess those will not work for outgoing emails (still I'm not sure about that).

    All I need to know is how can I restrict spam sending from my domain, most of them are sending from invalid emails in my account

    I'm pasting a message header from my mailq below :

    - Removed -
     
    #1 Arun Seby, Apr 7, 2019
    Last edited by a moderator: Apr 7, 2019
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,207
    Likes Received:
    75
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Arun Seby likes this.
  3. Arun Seby

    Arun Seby Member

    Joined:
    Apr 7, 2019
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    kerala
    cPanel Access Level:
    Root Administrator
    Hi,

    Thanks for the response.

    I have tried both Maldet and Clamscan but I believe the issue is not with any infected script file. I believe the spammers are connecting to my SMTP port and do spamming/spoofing.

    I have tried the following steps and came under conclusion:

    1) Blocked SMTP ports (SSL and non- SSL) in my server firewall
    2) I was able to see no more spam emails are generating in the mailque
    3) Tested outbound emails from a valid email account in the server and found to be working (If emails were generating from a script in server then still the spam email flow will be there, right ?)
    4) Changed the default SMTP port to a different one (25) and allowed the same in firewall
    5) The spam email flow started again

    Is there any option to disable the reject mails sending from my server to avoid spoofing ?

    Regards,
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,791
    Likes Received:
    442
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Arun Seby

    Is all the mail originating from anthony_d2@mydomain or is it different non-existent addresses?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Arun Seby

    Arun Seby Member

    Joined:
    Apr 7, 2019
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    kerala
    cPanel Access Level:
    Root Administrator
    Hi @cPanelLauren ,

    No, actually they are originating from different accounts (non-existing) but the domain is always the same. I have other domains also hosted in the server but I see the issue only for this one. Let me know if you need any more details.

    Regards
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,791
    Likes Received:
    442
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Arun Seby


    The following should help you narrow down either the folder the mail is originating from (if it's a php script) or the email account that is sending mail (if it's a password issue):

    Code:
    perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/SSE/master/sse.pl) -s
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Arun Seby and amstel like this.
  7. Arun Seby

    Arun Seby Member

    Joined:
    Apr 7, 2019
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    kerala
    cPanel Access Level:
    Root Administrator

    Hi @cPanelLauren ,
    That helped me, it was not a one day job but I was able to narrow down the issue to some IP's and after blocking them in firewall the spamming stopped. Thanks for the help.

    Regards
     
    cPanelLauren likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice