Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Stop sending SPAM

Discussion in 'E-mail Discussion' started by PatrickVeenstra, Nov 30, 2015.

  1. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    104
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    One of my accounts is sending out SPAM. There shouldn't be any script that can do such a thing :( Here's the header of one of the outgoing messages (from ConfigServe Mail Queues):

    Code:
    190P Received: from [209.51.129.36] (port=46719 helo=mydomain.eu)
    by angels2.mydomain.eu with esmtpa (Exim 4.86)
    (envelope-from <info@mydomain.eu>)
    id 1a3POQ-00047r-4p; Mon, 30 Nov 2015 15:25:26 +0100
    113P Received: from snmp.otwaloow.com [27.186.210.20] by smtp18.yenddx.com with QMQP; Mon, 30 Nov 2015 17:08:04 +0300
    041I Message-ID: <E8C74B1F.FED5A0A8@mydomain.eu>
    
    What's the best way to stop the server from sending emails?
    I suppose that I don't use QMQP myself, so blocking that would be a solution as well.
    Is it possible to not send any emails that don't contain a particular header?

    updated: after emptying the mail queue, new messages are still added. Here's another header:

    Code:
    Return-path: <info@mydomain.eu>
    Received: from [209.51.129.34] (port=56672 helo=mydomain.eu)
        by angels2.mydomain.eu with esmtpa (Exim 4.86)
        (envelope-from <info@mydomain.eu>)
        id 1a3QgN-0007B9-HT; Mon, 30 Nov 2015 16:48:03 +0100
    Received: from asx121.turbo-inline.com ([Mon, 30 Nov 2015 18:32:02 +0300])
        by nntp.pinxodet.net with SMTP; Mon, 30 Nov 2015 18:32:02 +0300
    Received: from smtp18.yenddx.com ([54.21.249.110]) by mail.gimmicc.net with NNFMP; Mon, 30 Nov 2015 18:17:08 +0300
    Received: from external.newsubdomain.com ([182.37.151.136]) by m1.gns.snv.thisdomainl.com with ESMTP; Mon, 30 Nov 2015 18:04:23 +0300
    Received: from unknown (152.115.29.201)
        by mx03.listsystemsf.net with SMTP; Mon, 30 Nov 2015 17:59:18 +0300
    Received: from relay-x.misswldrs.com [172.144.91.221] by smtp.mixedthings.net with SMTP; Mon, 30 Nov 2015 17:50:55 +0300
    
    Now there's NNFMP in stead of QMQP. I'm wondering, messages I send myself aren't "received" are they?
     
    #1 PatrickVeenstra, Nov 30, 2015
    Last edited by a moderator: Dec 1, 2015
  2. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    104
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Just found this in Exim: "Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting"

    That should fix this issue, right?

    While we're on it, what's the difference between that and "Scan outgoing messages for spam and reject based on defined Apache SpamAssassin™ score". I suppose that the later allows to customize the former, but what's the 'default value'?
     
    #2 PatrickVeenstra, Nov 30, 2015
    Last edited: Nov 30, 2015
  3. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    104
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    seems an account got compromised. SpamAssassin was useless, but changing the password seems to have worked.

    In case someone else has such a problem, goto: Home »Email »Mail Delivery Reports
    the sent emails had "Authentication: dovecot_login"
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice