System is sending Spam emails

[thanasis]

Hello, i noticed that [System] sending spam emails at .ru and .qq emails.
I have lots of them at mail queue...
So, i deleted them, but i want to find the reason... What caused these message...

Thank you.

 

[keat63]

Could this be your system replying to a message from the .ru and .qq domains.

Maybe these domains have spammed your server, and your server has rejected them with a bounce message ?

 

[thanasis]

I found a domain causing this problem.
How can i stop this domain sending emails at this tdls?

 

[Volox]

Terminate the account of the offending user. Or if their account might have been compromised, perhaps force rotate their password.

 

[cPanelMichael]

I found a domain causing this problem.
How can i stop this domain sending emails at this tdls?

Hello @thanasis,

There's a thread here with discussion of blocking outgoing email to a specific TLD, however generally the better approach is to address the source of the SPAM. Can you share more information about the offending account? For instance, were the emails sent using SMTP authentication or through a PHP script?

Thank you.

 

[foxmedo]

we have same issue,

some times we find 200K & 300K in mail queue and we do not have a clear way to detect the cause and email sending to suspend it

 

[cPRex]

@foxmedo - I'd recommend working through our guide here:

How to find the source of spam emails

Introduction In this article, we will be exploring means to determine how spam emails were sent from your server. This is meant to guide you in the right direction in which a further, more in-dep...

support.cpanel.net

With that many messages in the queue you will have plenty of data to use when you run this command:

awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr

although be aware it could take several minute to run and process all that email.