dicataldi

Registered
Jul 4, 2014
3
0
1
Rio Claro (São Paulo), Brazil
cPanel Access Level
Root Administrator
Good afternoon,

I'm with 1 server and everything's working OK, however for some reason 1 site for a client of mine is shooting several SPAM emails improperly without even owning account email created.

I believe he use the privilege to localhost, how do I block someone that can tell me?


Thank you!
SPAM.png
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
I believe he use the privilege to localhost, how do I block someone that can tell me?
Hello :)

Could you elaborate on this? What do you see in the message headers regarding how the message was sent?

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
The e-mail is most likely being sent from a malicious .php script on that domain. It's very common for spam mailing scripts to spoof "from" addresses as names which don't exist as e-mail accounts on the compromised domain name.

You should be able to find the process or files with "ps faux" (looking for processes owned by that users domain), or with a clamscan or maldet scan of that public_html.
 

matthers

Member
Jul 6, 2013
9
0
1
cPanel Access Level
Root Administrator
I have seen cases of spam emails being sent through the default email account(cpanel username), via webmail(127.0.0.1), the behavior resembling the one mentioned above.
I would recommend changing the cPanel account password.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I have seen cases of spam emails being sent through the default email account(cpanel username), via webmail(127.0.0.1), the behavior resembling the one mentioned above.
I would recommend changing the cPanel account password.
Yeah that can happen too.

Headers, or exim_mainlog entries, would help a lot here.