Spam emails are generating from account

[Arun Seby]

Hi,

After migrating to WHM server one of the account is spending spam emails. I have tried to find the spam originating script but was no luck. I have tried global filter option in cPanel but I guess those will not work for outgoing emails (still I'm not sure about that).

All I need to know is how can I restrict spam sending from my domain, most of them are sending from invalid emails in my account

I'm pasting a message header from my mailq below :

- Removed -

 

[keat63]

Global filters will only work on incoming emails.

Would Maldet help locate the source I wonder ?
Linux Malware Detect – R-fx Networks

 

[Arun Seby]

Hi,

Thanks for the response.

I have tried both Maldet and Clamscan but I believe the issue is not with any infected script file. I believe the spammers are connecting to my SMTP port and do spamming/spoofing.

I have tried the following steps and came under conclusion:

1) Blocked SMTP ports (SSL and non- SSL) in my server firewall
2) I was able to see no more spam emails are generating in the mailque
3) Tested outbound emails from a valid email account in the server and found to be working (If emails were generating from a script in server then still the spam email flow will be there, right ?)
4) Changed the default SMTP port to a different one (25) and allowed the same in firewall
5) The spam email flow started again

Is there any option to disable the reject mails sending from my server to avoid spoofing ?

Regards,

 

[cPanelLauren]

Hi @Arun Seby

Is all the mail originating from [email protected] or is it different non-existent addresses?

 

[Arun Seby]

Hi @Arun Seby

Is all the mail originating from [email protected] or is it different non-existent addresses?

Hi @cPanelLauren ,

No, actually they are originating from different accounts (non-existing) but the domain is always the same. I have other domains also hosted in the server but I see the issue only for this one. Let me know if you need any more details.

Regards

 

[cPanelLauren]

Hi @Arun Seby


The following should help you narrow down either the folder the mail is originating from (if it's a php script) or the email account that is sending mail (if it's a password issue):

perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/SSE/master/sse.pl) -s

 

[Arun Seby]

Hi @Arun Seby


The following should help you narrow down either the folder the mail is originating from (if it's a php script) or the email account that is sending mail (if it's a password issue):

perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/SSE/master/sse.pl) -s

Hi @cPanelLauren ,
That helped me, it was not a one day job but I was able to narrow down the issue to some IP's and after blocking them in firewall the spamming stopped. Thanks for the help.

Regards