The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trouble Shooting Spammers

Discussion in 'General Discussion' started by bmcpanel, Aug 3, 2003.

  1. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    I am trying to find out why my server mail volume is so high. Just last night, I reconfigured PHP with PHPSUEXEC and I disabled the user "nobody" from sending email. But, I still see "root" as a sender of email, which I thought would stop with PHPSUEXEC AND SUEXEC.

    Top 50 local senders by volume
    ------------------------------
    1230 7020KB mailnull
    45 1202KB root
    126 59KB dapper
    19 18KB bsmc01ac
    25 14KB credoweb
    2 6478 cpanel
    7 5749 lotawa
    10 4953 michael2


    I then checked the mail stats in WHM and I see the following section. Why is local the target of so much incoming mail. Is someone spamming this server? Is there some way to find out who is sending email to local?


    Top 50 host destinations by message count
    -----------------------------------------

    3282 37MB local
    118 519KB PADRE.apci.net
    94 384KB relay.gte.net
    63 241KB icss.net.geneseo.mail5.psmtp.com
    56 350KB mailin-01.mx.aol.com
    53 210KB mailin-02.mx.aol.com
    52 356KB mailin-03.mx.aol.com
    44 205KB mailin-04.mx.aol.com
    43 1201KB hostsonic.com
    41 69KB mx2.jmail.co.jp
    25 117KB mail.charter.net
    25 110KB mail.ocis.net
    15 57KB mail.i1.net
    13 52KB mx1.baylink.com

    cPanel.net Support Ticket Number:
     
  2. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    the local can be your incoming mails as well.

    Also what mail processes you see will be people using their mail clients to relay from your server.

    The best way to check how many mails are there in queue, you can check the queue from the WHM. This will give you an idea who is sending mails usually. Also incase there is a compromised script on your server which allows some spammer to connect to, you can also some to know about that from here from reading suspicious looking emails.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page