Spammers send emails from our Server with nonexistent email accounts

Fatih Aytekin · Aug 10, 2015

Hi,

Today, we noticed that our several IPs were added to some blacklists. We changed the outgoing IP and when we looked at Mail Queue Manager we noticed that some spammers are sending spam emails from our server with nonexistent accounts.

This spam action is still in progress. How can they send emails from nonexistent accounts with success? How can we stop this attack?

We will be appreciated if you help us for the issue.

Best Regards
Fatih Ayetkin

cPanelMichael · Aug 10, 2015

Hello

Do you notice any additional information when viewing the message headers of these SPAM messages? What entries do you see for these messages in /var/log/exim_mainlog? This command will help determine which directory the messages are coming from if the SPAM messages are sent through PHP:

Code:

awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
E	Under attack by spammers - need more than only limits returned in Exim Mail Queue on forwarder only messages	Email	1	Dec 3, 2019
B	Preventing Boxtrapper backscatter - one weird little trick that spammers HATE!	Email	3	Feb 17, 2015
L	App for Cpanel to prevent hackers/spammers from using my server to send spam?	Email	1	Jun 28, 2007
M	Howto stop spammers from sending [email protected] ... although the domain has no e	Email	2	Sep 30, 2006
P	Spammers sending based on A record, not MX	Email	4	Jan 14, 2005

Search

Search

Spammers send emails from our Server with nonexistent email accounts

Fatih Aytekin

Registered

cPanelMichael

Administrator