The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop sending SPAM

Discussion in 'E-mail Discussions' started by PatrickVeenstra, Nov 30, 2015.

  1. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    One of my accounts is sending out SPAM. There shouldn't be any script that can do such a thing :( Here's the header of one of the outgoing messages (from ConfigServe Mail Queues):

    Code:
    190P Received: from [209.51.129.36] (port=46719 helo=mydomain.eu)
    by angels2.mydomain.eu with esmtpa (Exim 4.86)
    (envelope-from <info@mydomain.eu>)
    id 1a3POQ-00047r-4p; Mon, 30 Nov 2015 15:25:26 +0100
    113P Received: from snmp.otwaloow.com [27.186.210.20] by smtp18.yenddx.com with QMQP; Mon, 30 Nov 2015 17:08:04 +0300
    041I Message-ID: <E8C74B1F.FED5A0A8@mydomain.eu>
    
    What's the best way to stop the server from sending emails?
    I suppose that I don't use QMQP myself, so blocking that would be a solution as well.
    Is it possible to not send any emails that don't contain a particular header?

    updated: after emptying the mail queue, new messages are still added. Here's another header:

    Code:
    Return-path: <info@mydomain.eu>
    Received: from [209.51.129.34] (port=56672 helo=mydomain.eu)
        by angels2.mydomain.eu with esmtpa (Exim 4.86)
        (envelope-from <info@mydomain.eu>)
        id 1a3QgN-0007B9-HT; Mon, 30 Nov 2015 16:48:03 +0100
    Received: from asx121.turbo-inline.com ([Mon, 30 Nov 2015 18:32:02 +0300])
        by nntp.pinxodet.net with SMTP; Mon, 30 Nov 2015 18:32:02 +0300
    Received: from smtp18.yenddx.com ([54.21.249.110]) by mail.gimmicc.net with NNFMP; Mon, 30 Nov 2015 18:17:08 +0300
    Received: from external.newsubdomain.com ([182.37.151.136]) by m1.gns.snv.thisdomainl.com with ESMTP; Mon, 30 Nov 2015 18:04:23 +0300
    Received: from unknown (152.115.29.201)
        by mx03.listsystemsf.net with SMTP; Mon, 30 Nov 2015 17:59:18 +0300
    Received: from relay-x.misswldrs.com [172.144.91.221] by smtp.mixedthings.net with SMTP; Mon, 30 Nov 2015 17:50:55 +0300
    
    Now there's NNFMP in stead of QMQP. I'm wondering, messages I send myself aren't "received" are they?
     
    #1 PatrickVeenstra, Nov 30, 2015
    Last edited by a moderator: Dec 1, 2015
  2. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Just found this in Exim: "Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting"

    That should fix this issue, right?

    While we're on it, what's the difference between that and "Scan outgoing messages for spam and reject based on defined Apache SpamAssassin™ score". I suppose that the later allows to customize the former, but what's the 'default value'?
     
    #2 PatrickVeenstra, Nov 30, 2015
    Last edited: Nov 30, 2015
  3. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    seems an account got compromised. SpamAssassin was useless, but changing the password seems to have worked.

    In case someone else has such a problem, goto: Home »Email »Mail Delivery Reports
    the sent emails had "Authentication: dovecot_login"
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page