Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

System account sending spam

Discussion in 'E-mail Discussion' started by Dreanmer, Oct 4, 2011.

  1. Dreanmer

    Dreanmer Registered

    Joined:
    Oct 4, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    i have searched many days in this forum about this thread, but could find anything...

    I have a cpanel account that is sending about 20k emails / day, this account have a limit to 100 emails/hour, but this realy slow down my server all the time... thw emails is sending by the system account:

    cpanel-user@myservername.myserverdomain.com
    (cirquito@sistemas.a3sistemas.com.br)

    How can i block this to sending mail, or track from where it being sent?

    i cant block this account, because its my main site, system and mails.

    thanks in advanced

    sorry poor english

    greetings from brazil

    ----------------------------------

    aditional info

    this account has been hacked 1 time, but i have scanned all files by php mail() funtion and can't find anything suspicious;

    my server is CentOS;

    i have CSF and all the warnings in the check server security:

    Check /dev/shm is mounted noexec,nosuid
    Check /etc/cron.daily/logrotate for /tmp noexec workaround
    Check /tmp is mounted as a filesystem
    Check /var/tmp is mounted as a filesystem
    Check Accounts that can access a cPanel user account
    Check apache for FileETag
    Check apache for FrontPage
    Check apache for mod_security
    Check apache for ServerSignature
    Check apache for ServerTokens
    Check apache for TraceEnable
    Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
    Check boxtrapper is disabled
    Check cPanel login is SSL only
    Check cPanel version
    Check csf PT_SKIP_HTTP option
    Check csf SAFECHAINUPDATE option
    Check for cxs
    Check incoming MySQL port
    Check MySQL LOAD DATA disallows LOCAL
    Check nameservers
    Check php for ini_set disabled
    Check php for Suhosin
    Check Referrer Blank Security
    Check Referrer Security
    Check root forwarder
    Check SMTP Tweak
    Check SSH PasswordAuthentication

    anything i can REALY need to do special atention?

    thanks again
     
    #1 Dreanmer, Oct 4, 2011
    Last edited: Oct 4, 2011
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,234
    Likes Received:
    383
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In that account's cPanel > Mail Section > Default address, what are your settings here?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. WebHostDog

    WebHostDog Well-Known Member

    Joined:
    Sep 3, 2006
    Messages:
    144
    Likes Received:
    1
    Trophy Points:
    166
    cPanel Access Level:
    Website Owner
    Recompile Apache with PHP mail patch this will help you to track the origin of folder/file sending the emails.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,870
    Likes Received:
    1,811
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You should try to determine where the mail is being sent from. If it's coming from the account username, there is likely a PHP script uploaded to the account that is sending email. Try enabling the following option under the "Mail" tab in "WHM >> Server Configuration >> Tweak Settings":

    Code:
    Track email origin via X-Source email headers
    Also, check the following thread for useful information on how to track messages sent from PHP scripts:

    PHP Scripts Sending Mail

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Dreanmer

    Dreanmer Registered

    Joined:
    Oct 4, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    thanks for all replys, i'm trying all alternatives, when i got the results i'll post a feedback.

    now again, very thanks!

    @infopro

    this is the cionfig:

    send all unrouted emails to "cirquito" (this is the cpanel account)

    thanks

    @WebHostDog

    cant find this option under "easy apache"... but i have upgrade my php from 5.2.x to 5.3.8
     
    #5 Dreanmer, Oct 5, 2011
    Last edited: Oct 5, 2011
  6. alexmack

    alexmack Member

    Joined:
    Jul 23, 2010
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    51
    where does track email origin show up?
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,234
    Likes Received:
    383
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    All unrouted mail should be set to fail here, not forwarded to your account.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice