The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spamming in server

Discussion in 'E-mail Discussions' started by nitaish, Mar 6, 2010.

  1. nitaish

    nitaish Well-Known Member
    PartnerNOC

    Joined:
    Jan 6, 2006
    Messages:
    123
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Mulund, India, India
    I can see a lot of spam emails being sent out from one of our servers, but I am not able to find out the email user which is being used for SMTP authentication. From the headers of the spam emails, I can understand that one of my customers' computer is infected with virus and is sending out spam emails. I can see the IPs of a local ISP in the header, however, blocking the IP does not work as it seems he does not have a static IP as the IP changes everytime. What is the best way to find out which email account is being used for sending spam from the server?
     
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    You will have to check the header ID in your email logs and check for the email address. You can get the email logs from the /var/log/exim_mainlog. You can check the particular header ID using the below mentioned command:

    cat /var/log/exim_mainlog | grep header ID.
     
  3. nitaish

    nitaish Well-Known Member
    PartnerNOC

    Joined:
    Jan 6, 2006
    Messages:
    123
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Mulund, India, India
    I could find the domain from which the spamming was happening by enabling Extended logging in cpanel.
     
Loading...

Share This Page