Webmail email spamming issue

retechpro

Well-Known Member
Dec 23, 2022
141
16
18
Pakistan
cPanel Access Level
Root Administrator
Hi All Members & cPanel Team.
Since last month I have been facing too many issues with mail. Suddenly some of my clients' email accounts are spamming, and emails are being sent to unknown addresses. How can I protect against mail spamming? Is there any tool to protect against mail spamming, as I'm already using mail & deferred mail limits? But I'm still facing the mail spamming issue. Im
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,505
2,605
363
cPanel Access Level
Root Administrator
I would also recommend ensuring that WHM >> Tweak Settings >> "Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)" is enabled to prevent spam from being sent from automated scripts.

You can check the mail log on the server with this command to get a list of directories that are sending mail:

Code:
awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
Just ignore the common directories from that output, such as "/var/spool/exim" or "/etc/csf" if you have that tool installed.
 

quietFinn

Well-Known Member
Feb 4, 2006
2,024
542
493
Finland
cPanel Access Level
Root Administrator
If SMTP Tweak is enabled then the command cPRex gave is a good starting point.
 

retechpro

After running the command, the output is:
55303 cwd=/var/spool/exim
3303 cwd=/
2924 cwd= /home/domain/public_html
Some others are the same, like cwd=/home/domain/public_html
Is it good?

Also, I am facing an issue with one account. I have suspended outgoing mail for this cPanel account, but mail is still being sent to [email protected] even though outgoing mail is suspended, and it is being sent through the hostname.
 

retechpro

That would indicate that domain inside of domain.com's home directory is sending email, so you'll want to track down if that is legitimate traffic or not.
I'm not a technical person; could you please let me know how I can track it?
Also, could you let me know why the account is sending mail to [email protected] since outgoing mail is suspended for this domain? A lot of accounts are sending mail through the hostname, like [email protected], where serverhost is the hostname of the server.
 

cPRex

There isn't going to be a good way to track it - you'll just have to look through the files on the account and see if there's anything there that shouldn't be.

I'm not sure why it would be the hostname. You could check the mail log (/var/log/exim_mainlog) and find the full transaction for one of those messages to see if that would give you more details.
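
The last suggestion above (finding the full transaction for a message in /var/log/exim_mainlog), as an added example that is not part of any post in this thread: it groups log lines by message ID for a given envelope sender and counts locally submitted messages (`P=local`) per system user (`U=`). The function names, the sample log, the hostname `server.example.com` and all addresses are constructed for illustration, and the field positions assume the same log layout the `cwd` command above relies on.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the default main-log layout:
# $1 date, $2 time, $3 message ID, $4 flag ("<=" arrival, "=>" delivery).

# Constructed sample log; hostnames, IDs and addresses are placeholders.
sample_log() {
cat <<'EOF'
2023-01-05 10:12:01 cwd=/home/domain/public_html 3 args: /usr/sbin/sendmail -t -i
2023-01-05 10:12:01 1pDZxk-0002Ab-3C <= domain@server.example.com U=domain P=local S=812 for a@example.net
2023-01-05 10:12:03 1pDZxk-0002Ab-3C => a@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
2023-01-05 10:12:03 1pDZxk-0002Ab-3C Completed
2023-01-05 10:13:40 1pDZz9-0002Bq-7F <= info@domain.com H=(pc) [198.51.100.7] P=esmtpsa A=dovecot_login:info@domain.com S=2044 for b@example.org
2023-01-05 10:13:41 1pDZz9-0002Bq-7F => b@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.20]
2023-01-05 10:13:41 1pDZz9-0002Bq-7F Completed
2023-01-05 10:14:02 1pDa0A-0002Cx-9K <= domain@server.example.com U=domain P=local S=799 for c@example.net
2023-01-05 10:14:05 1pDa0A-0002Cx-9K => c@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
2023-01-05 10:14:05 1pDa0A-0002Cx-9K Completed
EOF
}

# IDs of messages that arrived ("<=") with envelope sender $2 in log file $1.
exim_ids_for_sender() {
    awk -v s="$2" '$4 == "<=" && $5 == s { print $3 }' "$1" | sort -u
}

# Every log line for message ID $2 in log file $1: arrival, deliveries, Completed.
exim_transaction() {
    awk -v id="$2" '$3 == id' "$1"
}

# Count locally submitted messages (P=local) per system user (U=), busiest first.
exim_local_submitters() {
    awk '$4 == "<=" { u = ""; loc = 0
             for (i = 6; i <= NF; i++) {
                 if ($i ~ /^U=/) u = substr($i, 3)
                 if ($i == "P=local") loc = 1
             }
             if (loc && u != "") n[u]++ }
         END { for (u in n) print n[u], u }' "$1" | sort -nr
}

# Demo: show the full transaction for each message sent as user@hostname.
log=$(mktemp) && sample_log > "$log"
for id in $(exim_ids_for_sender "$log" domain@server.example.com); do
    exim_transaction "$log" "$id"
done
exim_local_submitters "$log"
rm -f "$log"
```

On a real server, pass /var/log/exim_mainlog as the log file; Exim also ships `exigrep`, which groups all lines of each matching message in a similar way.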