unordinary amount of emails from our email server

[stingray34]

Hi,
I am brand new to cPanel and need help.
Seems like our email server was used to relay spam mails in the past few days. I enabled "SMTP restrictions", and I don't see any email sent from our email server any more except our legitimate users.

However, it shows unordinary amount of email under "View Relayers" while "detailed Report" show just a little amount.

Also, SenderBase shows a big amount of emails.
We are not on any major blacklists.

My questions are:
1. What am I missing? Why does it show a lot of emails sent?
2. Is there any site to check if my domain is on Google's spam list or bulk email sender list?

Please advise.

 

[ES - George]

Please refer to the cPanel documentation which may help you to block outbound email spam:

How to: Prevent Email Abuse

You can check your server IP for black listings using a tool such as mxtoolbox:

Email Blacklist Check - See if your server is blacklisted

 

[cPanelMichael]

Hello

I recommend checking your mail queue, and also checking the following log file:

/var/log/exim_mainlog

You should be able to tell if SPAM is being sent out based on the activity in the exim_mainlog file.

Thank you.

 

[stingray34]

Thank you for the links.
When spammers use our mail server for spamming, it does not show in the list from cPaenl. Is there any way to see every email sent?

In "How to Prevent Email Abuse"
Step 1 (enabling SMTP Restrictions), and Step 2 (preventing nobody system user) were already in place.
Not sure about Step 3 (suPHP and suExec or mod_ruid2) It shows PHP Handler dso, suEXEC is on.

Step 4 (Max hourly emails setting) - How does this work?
You don't know when spammers attack you, and if you set it, no one in the domain will be able to send any mails once it goes above the threshold.

Is there any way to allow emails to be sent only with authentication with password? (Our users use Outlook2010)

Lastly, which upgrading and updating is important? For Windows systems, security patches are monthly installed, but as for CentOS and cPanel/WHM, which needs to be always up to date?

Thank you!

 

[stingray34]

cPanelMichael,

I am so sorry, I don't even know how to access a console on a remote server. Is it time for me to learn SSH? Or is there any way to do so from cPanel/WHM?

Thanks.

 

[cPanelMichael]

I am so sorry, I don't even know how to access a console on a remote server. Is it time for me to learn SSH? Or is there any way to do so from cPanel/WHM?

Yes, SSH is required in order for you to review the Exim logs directly. You may want to consult with a qualified system administrator if you are not comfortable using SSH.

Thank you.

 

[stingray34]

cPanelMichael,

Thank you very much for your response. I will look into SSH.

By the way, how can I make the mail server secure enough to stop this?
Is there a way to run a virus check on the system?

I am so lost.

 

[cPanelMichael]

By the way, how can I make the mail server secure enough to stop this?
Is there a way to run a virus check on the system?

The following document is useful for information on preventing email abuse:

cPanel - Prevent Email Abuse

Thank you.

 

[stingray34]

I found exim_mainlog via SSH connection, but how can I open it? "cat exim_mainlog" gets "permission denied".

 

[24x7server]

Hello,

May be you are logged in your server through wheel user and due to that you are getting "permission denied" massages. Try to switch your user through "su -" command and enter your root password and then check your exim_mainlog file.

 

[Infopro]

I found exim_mainlog via SSH connection, but how can I open it? "cat exim_mainlog" gets "permission denied".

There are other ways to view that log.

If you've got CSF installed there's a log viewer built in:
ConfigServer Security and Firewall | cPanel App Catalog

Or you might like this log viewer, called logview:
Logview – LogView – Slick UI for Ease of Use | cPanel App Catalog

Both are far easier for a user not used to working via shell to take a closer look at logs quickly.

HTH!

 

[stingray34]

24x7server,
I am truly sorry, that I did not respond right away.
Yes, changing the user from admin to su - gave me the access. I did not know how to give an FTP account access to var/tmp/log, so I simply had to move the log file. However my limited knowledge did not let me dissect the log...But thank you so much!!!

Infopro,
Thank you for your suggestions. Again, truly apologize for the late reply.
Maybe when I gain more knowledge, then I can install programs, or run a script. What I am afraid is that I cannot revert it. If it is through cPanel, then I would feel a little more comfortable.

But it's great to know that there are options for log files.