I was exploring my Exim Mail Queue Manager in WHM and have quite by chance stumbled across the [system] identifier sending four (4) spam emails to valid email addresses.
I deleted the messages from the mail queue (possibly unfortunately, I should have recorded their contents before deletion) but would like to know:
1) How do I establish what caused these messages?
2) Is this indicative of a system wide compromise?
3) Would this be something I should raise in a ticket?
I have searched on this topic and results all come up with cPanel-specific mail/account compromises which I'm not certain relate as these were sent by "[system]" rather than by any particular account.
I have checked my exim_mainlog and maillog log files but can't see anything obviously out of the ordinary.