Spammer using server to send? Getting tons of bounces to catch-all


Well-Known Member
Mar 3, 2004
Chandler, AZ
cPanel Access Level
Root Administrator
I got a few hundred emails through our catch-all (I think they all went to [email protected]) and all were random crap like bounced messages from other domains and emails that I THINK were originally sent using our domain as the sender - explaining why all the unknown emails bounced back to us...

The subjects ranged from:

Delivery Status Notification (Failure)
Undelivered Mail Returned to Sender
Unable to deliver your message
Returned mail: see transcript for details

etc etc - the list goes on....

I noticed most of them included the original message (below) sent from that [email protected]:
SUBJECT: Surprise Her!

Best prices, best shipping!

Get it here <>

Now when I check out my cPanel mail stats this is what I see....
Top 50 sending hosts by message count
685 38MB local

Top 50 sending hosts by volume
685 38MB local
16 10MB

Top 50 local senders by message count
464 32MB myusername

Top 50 host destinations by volume
2117 101MB local
Now I've already made our catch-all goto :fail: for now at least, but I want to make sure that nobody is using our server or a webform or anything to send this crap. How do I know how they did this and how do I elimiate this from happening again?


Well-Known Member
May 29, 2004
Minneapolis, MN
Although this problem was covered hundreds of times in these formus, you need to find out the script used to send out SPAM throughout your server. Clean up, and then you can apply several security patches that can be found in these forums as well.