Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spamming in server

Discussion in 'E-mail Discussion' started by nitaish, Mar 6, 2010.

  1. nitaish

    nitaish Well-Known Member
    PartnerNOC

    Joined:
    Jan 6, 2006
    Messages:
    133
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Mulund, India, India
    I can see a lot of spam emails being sent out from one of our servers, but I am not able to find out the email user which is being used for SMTP authentication. From the headers of the spam emails, I can understand that one of my customers' computer is infected with virus and is sending out spam emails. I can see the IPs of a local ISP in the header, however, blocking the IP does not work as it seems he does not have a static IP as the IP changes everytime. What is the best way to find out which email account is being used for sending spam from the server?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    68
    You will have to check the header ID in your email logs and check for the email address. You can get the email logs from the /var/log/exim_mainlog. You can check the particular header ID using the below mentioned command:

    cat /var/log/exim_mainlog | grep header ID.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. nitaish

    nitaish Well-Known Member
    PartnerNOC

    Joined:
    Jan 6, 2006
    Messages:
    133
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Mulund, India, India
    I could find the domain from which the spamming was happening by enabling Extended logging in cpanel.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice