Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

stop spam from authenticated local user

Discussion in 'E-mail Discussions' started by megahost, Aug 2, 2017.

Tags:
  1. megahost

    megahost Member

    Joined:
    Jun 10, 2012
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    i have this problem lately and i don't know what to do anymore to stop it.

    Maybe someone here can tell me how is this possible.

    A shared hosting account on one server is sending spam.
    The spam from what i can see is sent using the cPanel user:
    2017-08-02 17:10:46 ########## SMTP connection identification H=localhost A=127.0.0.1 P=44918 M=########## U=XXXXXXXX ID=1213 S=XXXXXXXX B=authenticated_local_user

    how can he still send spam after changing the cpanel password with a long/strong generated one. we don't even know the the password.

    Thanks.
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    335
    Likes Received:
    95
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Are you changing the cPanel password, or the mail account password ?
     
  3. megahost

    megahost Member

    Joined:
    Jun 10, 2012
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    the cPanel password. as a precautionary measure we've changed the email accounts passwords even thou the emails are sent from the cpanel user not from an email account.

    we restarted the imap and exim after changing the cpanel password.
     
  4. Ko Tun

    Ko Tun Registered

    Joined:
    Aug 2, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Yangon
    cPanel Access Level:
    Website Owner
    This spam email is use to send spam mail with something plugin or script in your hosting account.
     
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    335
    Likes Received:
    95
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may also want to see if the account has setup any cron jobs that send out emails, or verify if any scripts uploaded to the account can be used to send email. Here's a link that can help with finding offending scripts:

    Spam emails being sent from cPanel account

    Generally, the difficult part is finding the offending account. Since you've already done that, you may want to suspend the cPanel account (or try suspending outgoing email) and contact the offending user to verify how they are sending the email.

    Thank you.
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    335
    Likes Received:
    95
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page