The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam Injection, generated on fake emails

Discussion in 'E-mail Discussions' started by tangowebs, Mar 30, 2010.

  1. tangowebs

    tangowebs Well-Known Member

    Joined:
    Oct 12, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    Hi, my server is being injected with spam, originated in fake @yahoo.com emails that seem to be hosted into server, but ofc they are not.
    Ive been trying to look for the script that is injecting, enabled headers, monitored queue but im not able to determine where those emails are being injected from.

    In common, all the spam is being created like @yahoo.com adress.
    How can i determine where is this being injected from?
    Apreciate ur help, im becoming crazy!
     
    #1 tangowebs, Mar 30, 2010
  2. m4rc3

    m4rc3 Active Member

    Joined:
    Mar 26, 2010
    Messages:
    39
    Likes Received:
    2
    Trophy Points:
    58
    You need to enable extended logging on exim so you can check where those emails are coming from.

    Add this to exim.conf and restart it.
    Code:
    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
    then you can use something like this to check where the emails are coming from.
    This will list the folder that sends mails and how many has sent.
    Code:
    grep cwd= /var/log/exim_mainlog| awk '{print $3}' | cut -d= -f2 | sort | uniq -c | sort -n
     
    #2 m4rc3, Mar 31, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - Spam Injection generated
  1. SoftDux

    Track outgoing SPAM?

    SoftDux, Jul 21, 2017 at 2:31 AM, in forum: E-mail Discussions
    Replies:
    1
    Views:
    40
    cPanelMichael
    Jul 21, 2017 at 11:34 AM
  2. Augusto Will

    Move all mails from all accounts to spam folder if some header is found

    Augusto Will, Jul 20, 2017 at 1:20 PM, in forum: E-mail Discussions
    Replies:
    3
    Views:
    53
    cPanelMichael
    Jul 24, 2017 at 2:23 PM
  3. chrismfz

    Spam Learning - sa-learn integration ?

    chrismfz, Jul 15, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    55
    cPanelMichael
    Jul 17, 2017
  4. sgwd

    Spam source is manually blacklisted

    sgwd, Jul 14, 2017, in forum: E-mail Discussions
    Replies:
    2
    Views:
    57
    cPanelMichael
    Jul 17, 2017
  5. randee

    Spam email filling mail queue

    randee, Jul 14, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    71
    cPanelMichael
    Jul 17, 2017

Share This Page