Spam emails are generating from account
Hi,
After migrating to a WHM server, one of the accounts is sending spam emails. I have tried to find the script the spam originates from but had no luck. I have tried the global filter option in cPanel, but I guess that will not work for outgoing emails (I'm still not sure about that).
All I need to know is how I can restrict spam sending from my domain; most of them are being sent from invalid emails in my account.
I'm pasting a message header from my mailq below:
- Removed -
Hi,
Thanks for the response. I have tried both Maldet and Clamscan, but I believe the issue is not with any infected script file. I believe the spammers are connecting to my SMTP port and doing the spamming/spoofing. I have tried the following steps and came to a conclusion:
1) Blocked the SMTP ports (SSL and non-SSL) in my server firewall
2) I was able to see that no more spam emails were being generated in the mail queue
3) Tested outbound emails from a valid email account on the server and found them to be working (if the emails were being generated by a script on the server, the spam email flow would still be there, right?)
4) Changed the default SMTP port to a different one (25) and allowed the same in the firewall
5) The spam email flow started again
Is there any option to disable the reject mails being sent from my server to avoid spoofing?
Regards,
Hi @Arun Seby Is all the mail originating from anthony_d2@mydomain or is it different non-existent addresses?
Hi @cPanelLauren, No, actually they are originating from different accounts (non-existent), but the domain is always the same. I have other domains also hosted on the server, but I see the issue only for this one. Let me know if you need any more details.
Regards
Hi @Arun Seby The following should help you narrow down either the folder the mail is originating from (if it's a php script) or the email account that is sending mail (if it's a password issue):
perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/SSE/master/sse.pl) -s
Hi @cPanelLauren, That helped me. It was not a one-day job, but I was able to narrow down the issue to some IPs, and after blocking them in the firewall the spamming stopped. Thanks for the help.
Regards
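The narrowing-down described in this thread (which IPs or logins submit mail with non-existent sender addresses on one domain), as an added example that is not part of the original thread and is not cPanel's SSE script: it tallies Exim main log arrival lines by source and SMTP login. The log lines, `example.com`, the mailbox set and the name `suspicious_sources` are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim main log format; the domain, logins and IPs
# (documentation ranges) are placeholders, not data from the thread.
SAMPLE_LOG = """\
2019-03-01 10:00:01 1gzAAA-0001ab-1A <= info@example.com H=(pc) [192.0.2.10]:50211 P=esmtpsa A=dovecot_login:info@example.com S=2113 for c@example.net
2019-03-01 10:00:02 1gzAAA-0001ab-1A => c@example.net R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [192.0.2.99]
2019-03-01 10:00:07 1gzAAB-0001ac-2B <= anthony_d2@example.com H=(User) [203.0.113.5]:61022 P=esmtpa A=dovecot_login:info@example.com S=1840 for a@example.org
2019-03-01 10:00:09 1gzAAC-0001ad-3C <= k.miller77@example.com H=([10.0.0.4]) [203.0.113.5]:61030 P=esmtpa A=dovecot_login:info@example.com S=1851 for b@example.org
2019-03-01 10:00:12 1gzAAD-0001ae-4D <= sales_x9@example.com H=(User) [198.51.100.23]:40100 P=esmtpa A=dovecot_login:info@example.com S=1799 for d@example.org
2019-03-01 10:00:15 1gzAAE-0001af-5E <= promo@example.com U=exampleuser P=local S=912 for e@example.org
2019-03-01 10:00:20 1gzAAF-0001ag-6F <= <> R=1gzAAB-0001ac-2B U=mailnull P=local S=3020 for info@example.com
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+)(?P<rest>.*)$")
SRC_IP = re.compile(r"\s\[([0-9A-Fa-f:.]+)\]")  # skips a bracketed HELO like H=([10.0.0.4])
AUTH = re.compile(r"\sA=(\S+)")                  # SMTP authenticator:login
LOCAL_USER = re.compile(r"\sU=(\S+)")            # local submitter (script/cron)


def suspicious_sources(log_text, domain, mailboxes):
    """Count arrivals whose sender is @domain but not a real mailbox,
    grouped by (source IP or local user, SMTP login used)."""
    tally = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), completions, etc.
        local, _, dom = m["sender"].rpartition("@")
        if dom.lower() != domain.lower() or local.lower() in mailboxes:
            continue  # other domains, bounces (<>), genuine mailboxes
        rest = m["rest"]
        ip, auth, user = SRC_IP.search(rest), AUTH.search(rest), LOCAL_USER.search(rest)
        source = ip[1] if ip else f"local:{user[1] if user else '?'}"
        tally[(source, auth[1] if auth else "no-auth")] += 1
    return tally.most_common()


if __name__ == "__main__":
    for (source, login), n in suspicious_sources(SAMPLE_LOG, "example.com", {"info"}):
        print(f"{n:4d}  {source:20s}  {login}")
```

On a cPanel server the Exim main log is `/var/log/exim_mainlog`. One login reused from many source IPs points to a password issue on that email account, while `local:` sources point to a script on the account.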