The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Who is sending spam?

Discussion in 'E-mail Discussions' started by homeprimax, Nov 4, 2013.

  1. homeprimax

    homeprimax Member

    Joined:
    Sep 14, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    We have one strange account, that sends a lot of spam messages. But we unable to find out how they perform this. Look at return message:
    Code:
    Return-path: <dym@xxx.com>
    Received: from dym by xxx.com with local (Exim 4.80.1)
            (envelope-from <dym@xxx.com>)
            id 1VdN4J-0007cB-3B
            for grrund@hotmail.com; Mon, 04 Nov 2013 11:31:59 -0500
    From: =?UTF-8?B?S2F0aHJpbmUgRGl2ZXJz?= <kathrine_divers@kathrine-divers.us>
    To: grrund@hotmail.com
    Subject: =?UTF-8?B?WW91IGdvdCBhIFBFUlNPTkFMIE1FU1NBR0UgZnJvbSBLYXRocmluZSBEaXZlcnM=?=
    MIME-Version: 1.0
    Content-Type: multipart/related;
            boundary="=_3ca0c6251c04e46c9c7c4c82365d7e44"
    Message-Id: <E1VdN4J-0007cB-3B@xxx.com>
    Sender:  <dym@xxx.com>
    Date: Mon, 04 Nov 2013 11:31:59 -0500
    As you see user "dym" is sending spam. But this user does not have Shell Access, no jobs in crontab, no suspicious scripts in account.
    To avoid problems with IP blacklisting, I've set "Maximum Hourly Email by Domain Relayed" to 2. So we have about 2gb messages per day returned to main email account. But this is not good solution... Need help!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Have you tried changing the password for the account to see if the messages continue? Have you reviewed the /var/log/exim_mainlog file to get a better idea of what types of messages are sent out? The following document may also be helpful:

    cPanel - Prevent Email Abuse

    Thank you.
     
Loading...

Share This Page