
SPAM Source Identification not possible..

Discussion in 'E-mail Discussions' started by musti19, Sep 10, 2013.

  1. musti19

    musti19 Well-Known Member

    Hello,
    Over the last days my system has been sending/receiving spam mails and I can't find out where the problem is.
    The spam mails were sent over the additional Exim mail IP.

    Currently I have CSF Firewall and a limitation for cPanel users (maximum percentage failed...).

    Lots of spam mails to a specific email address:
    [bounce] to username @ hotmail.com:
    Code:
    1VJA2p-0004Ud-BK-H
    mailnull 47 12
    <>
    1378766095 0
    -ident mailnull
    -received_protocol local
    -body_linecount 54
    -max_received_linelength 130
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -frozen 1378766097
    -localerror
    XX
    1
    username @ domain.com.br
    
    157P Received: from mailnull by [B]EDITED[/B] with local (Exim 4.80.1)
    	id 1VJA2p-0004Ud-BK
    	for username @ domain.com.br; Tue, 10 Sep 2013 00:34:55 +0200
    048  X-Failed-Recipients: root@[B]MY Serverdom[/B]
    029  Auto-Submitted: auto-replied
    065F From: Mail Delivery System <Mailer-Daemon@[B]EDITED[/B]>
    028T To: username@ domain.com.br
    059  Subject: Mail delivery failed: returning message to sender
    054I Message-Id: <E1VJA2p-0004Ud-BK@[B]EDITED[/B]>
    038  Date: Tue, 10 Sep 2013 00:34:55 +0200
    FROM username @ hotmail.com (4 emails in queue) :
    Code:
    1VJBdC-0002gn-1X-H
    mailnull 47 12
    <username @ hotmail.com>
    1378772194 0
    -helo_name localhost
    -host_address 127.0.0.1.52360
    -host_name localhost
    -interface_address 127.0.0.1.25
    -received_protocol esmtp
    -aclc _authenticated_local_user 4
    root
    -body_linecount 17
    -max_received_linelength 69
    XX
    1
    username @ peoplepc.com
    
    224P Received: from localhost ([127.0.0.1]:52360)
    	by [B]EDITED[/B] with esmtp (Exim 4.80.1)
    	(envelope-from <username @ hotmail.com>)
    	id 1VJBdC-0002gn-1X
    	for username @ peoplepc.com; Tue, 10 Sep 2013 02:16:34 +0200
    059F From: username here. <username @ hotmail.com>
    033R Reply-To: username @ gmail.com
    021  Subject: RE: URGENT!
    018  MIME-Version: 1.0
    025  Content-Type: text/plain
    032  Content-Transfer-Encoding: 8bit
    Can anyone help me? Thank you.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Try checking your mail queue to see if additional SPAM messages still exist in the queue:

    "WHM Home » Email » Mail Queue Manager"

    You can look at the message header and body to see if you can find out if an actual username authenticated, or if it was sent from a script.

    The following document is useful if you want to prevent email abuse:

    cPanel - Prevent Email Abuse

    Thank you.
     
  3. musti19

    musti19 Well-Known Member

    Hello,
    I can't see any usernames in the message header or body. This is why I asked for other ways to find the source of the problem :)

    The steps, except "Step 3 suphp", are already configured.
    I use fcgi.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    It's possible that the message was sent out by an authenticated email account. It's difficult to determine the exact source or to know if an account username was listed in the email headers because those aspects were edited out of your original message.

    Thank you.
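
An added example, not part of the original thread and not cPanel's own tooling: a Python parser for the Exim spool `-H` layout posted above that pulls out the fields showing how a message entered Exim (locally generated bounce, SMTP from loopback, authenticated SMTP, remote host, or local submission). The sample data is constructed, and the function names and category labels are assumptions of this example; `_authenticated_local_user` is read only because it appears in the thread's second file.

```python
import ipaddress

# Constructed sample in the "-H" layout shown in the thread; addresses are placeholders.
SAMPLE_H = """\
1AbCdE-000001-2F-H
mailnull 47 12
<sender@example.com>
1378772194 0
-host_address 127.0.0.1.52360
-received_protocol esmtp
-aclc _authenticated_local_user 4
root
XX
1
rcpt@example.net
"""

def parse_spool_header(text):
    """Parse the envelope part of an Exim -H file: id, login, sender, options, ACL vars."""
    lines = text.split("\n")
    info = {"id": lines[0][:-2], "login": lines[1].split()[0],
            "sender": lines[2].strip("<>"), "opts": {}, "acl": {}}
    i = 4  # index 3 holds "<time received> <warning count>"; options start after it
    while i < len(lines) and lines[i].startswith("-"):
        name, _, rest = lines[i][1:].partition(" ")
        i += 1
        if name in ("aclc", "aclm"):
            # value = next <length> characters (bytes on disk; same for ASCII), may span lines
            var, length = rest.rsplit(" ", 1)
            value = "\n".join(lines[i:])[:int(length)]
            info["acl"][var] = value
            i += value.count("\n") + 1
        else:
            info["opts"][name] = rest  # flag-only options such as -localerror map to ""
    return info

def submission_path(info):
    """Return (category, identity) describing how the message entered Exim."""
    opts, acl = info["opts"], info["acl"]
    if "localerror" in opts:  # bounce generated by Exim itself, envelope sender is <>
        return "local-bounce", opts.get("ident", info["login"])
    if "auth_id" in opts:  # SMTP AUTH was used; this is the authenticated id
        return "smtp-auth", opts["auth_id"]
    if "host_address" in opts:  # stored as "<ip>.<port>"; strip the port
        ip = ipaddress.ip_address(opts["host_address"].rsplit(".", 1)[0])
        if ip.is_loopback:  # a process on this server connected to the SMTP port
            return "loopback-smtp", acl.get("_authenticated_local_user", "unknown")
        return "remote-smtp", str(ip)
    return "local-submit", opts.get("ident", info["login"])
```

For a message still in the queue, `exim -Mvh <message-id>` prints the same header file that this parser expects.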
     