Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spam Injection, generated on fake emails

Discussion in 'E-mail Discussion' started by tangowebs, Mar 30, 2010.

  1. tangowebs

    tangowebs Well-Known Member

    Joined:
    Oct 12, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    Hi, my server is being injected with spam, originated in fake @yahoo.com emails that seem to be hosted into server, but ofc they are not.
    Ive been trying to look for the script that is injecting, enabled headers, monitored queue but im not able to determine where those emails are being injected from.

    In common, all the spam is being created like @yahoo.com adress.
    How can i determine where is this being injected from?
    Apreciate ur help, im becoming crazy!
     
    #1 tangowebs, Mar 30, 2010
  2. m4rc3

    m4rc3 Active Member

    Joined:
    Mar 26, 2010
    Messages:
    39
    Likes Received:
    2
    Trophy Points:
    58
    You need to enable extended logging on exim so you can check where those emails are coming from.

    Add this to exim.conf and restart it.
    Code:
    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
    then you can use something like this to check where the emails are coming from.
    This will list the folder that sends mails and how many has sent.
    Code:
    grep cwd= /var/log/exim_mainlog| awk '{print $3}' | cut -d= -f2 | sort | uniq -c | sort -n
     
    #2 m4rc3, Mar 31, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - Spam Injection generated
  1. mvandemar

    New Thread Getting spammed with exim/imap failed messages

    mvandemar, Dec 16, 2018 at 9:32 PM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    35
    mvandemar
    Dec 16, 2018 at 10:06 PM
  2. RetiredAF

    New Thread Notify User when outgoing email is considered spam

    RetiredAF, Dec 15, 2018 at 12:04 PM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    106
    RetiredAF
    Dec 15, 2018 at 12:04 PM
  3. DennisMidjord

    New Thread Why is SpamBox not enabled by default?

    DennisMidjord, Dec 11, 2018 at 4:05 AM, in forum: E-mail Discussion
    Replies:
    17
    Views:
    403
    DennisMidjord
    Dec 13, 2018 at 3:37 PM
  4. RobinF28

    SOLVED DKIM for 'root' user, to avoid emails going to spam

    RobinF28, Dec 8, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    324
    RobinF28
    Dec 10, 2018
  5. DigitalEssence

    Emails Bypassing RBL Reject and SpamAssassin Bounce

    DigitalEssence, Dec 6, 2018, in forum: E-mail Discussion
    Replies:
    5
    Views:
    460
    cPanelLauren
    Dec 10, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice