Spammers send emails from our Server with nonexistent email accounts

Fatih Aytekin

Registered
Jul 23, 2015
1
0
1
Turkey
cPanel Access Level
Website Owner
Hi,

Today, we noticed that our several IPs were added to some blacklists. We changed the outgoing IP and when we looked at Mail Queue Manager we noticed that some spammers are sending spam emails from our server with nonexistent accounts.

This spam action is still in progress. How can they send emails from nonexistent accounts with success? How can we stop this attack?

We will be appreciated if you help us for the issue.

Best Regards
Fatih Ayetkin
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello :)

Do you notice any additional information when viewing the message headers of these SPAM messages? What entries do you see for these messages in /var/log/exim_mainlog? This command will help determine which directory the messages are coming from if the SPAM messages are sent through PHP:

Code:
awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n
Thank you.