
Webmail email spamming issue

Comments

9 comments

  • quietFinn
    Is it local relay or remote relay?
    0
  • cPRex Jurassic Moderator
    I would also recommend ensuring that WHM >> Tweak Settings >> "Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)" is enabled to prevent spam from being sent from automated scripts. You can check the mail log on the server with this command to get a list of directories that are sending mail:
    awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
    Just ignore the common directories from that output, such as "/var/spool/exim" or "/etc/csf" if you have that tool installed.
    0
  • retechpro
    Is it local relay or remote relay?

    Local relay
    0
  • quietFinn
    If SMTP Tweak is enabled then the command cPRex gave is a good starting point.
    0
  • retechpro
    If SMTP Tweak is enabled then the command cPRex gave is a good starting point.

    Yes, it's enabled.
    0
  • retechpro
    After running the command, the output is:
    55303 cwd=/var/spool/exim
    3303 cwd=/
    2924 cwd=/home/domain/public_html
    Some others are the same as cwd=/home/domain/public_html. Is it good? Also, I am facing an issue with one account. I have suspended outgoing mail for this cPanel account, but mail is still being sent to domain@hostname.com even though outgoing is suspended, and it is being sent through the hostname.
    0
  • cPRex Jurassic Moderator
    That would indicate that domain inside of domain.com's home directory is sending email, so you'll want to track down if that is legitimate traffic or not.
    0
  • retechpro
    That would indicate that domain inside of domain.com's home directory is sending email, so you'll want to track down if that is legitimate traffic or not.

    I'm not a technical person. Could you please let me know how I can track it? Also, could you let me know why the account is sending mail to domain@hostname.com since outgoing is suspended for this domain? A lot of accounts are sending mail through the hostname, like retech@serverhost.com; serverhost is the hostname of the server.
    0
  • cPRex Jurassic Moderator
    There isn't going to be a good way to track it - you'll just have to look through the files on the account and see if there's anything there that shouldn't be. I'm not sure why it would be the hostname. You could check the mail log (/var/log/exim_mainlog) and find the full transaction for one of those messages to see if that would give you more details.
    0
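
Added example, not part of any post above and not cPanel's own tooling: a sketch that carries out both log checks suggested in the thread, counting the sending directories and then pulling the full transaction for each message from one sender. The function names and the sample log lines are constructed for illustration, and the default Exim main log layout (date, time, then `cwd=` or a message ID) is assumed.

```shell
# Count mail submissions per working directory, busiest first, skipping
# the two directories the thread says to ignore.
cwd_counts() {
  awk '$3 ~ /^cwd=/ && $3 != "cwd=/var/spool/exim" && $3 != "cwd=/etc/csf" { n[$3]++ }
       END { for (d in n) print n[d], d }' "$1" | sort -k1,1nr
}

# List message IDs whose arrival line ("<=") names the given sender.
# On such lines U= is the local user and P=local marks local submission.
ids_from_sender() {
  awk -v s="$2" '$4 == "<=" && $5 == s { print $3 }' "$1"
}

# Print every log line that belongs to one message ID (the full transaction).
transaction() {
  awk -v id="$2" '$3 == id' "$1"
}

# Constructed sample log lines (IDs, hostnames and addresses are made up).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
2024-05-01 10:00:00 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1s1AbC-0001Xy-2Z
2024-05-01 10:00:01 cwd=/home/domain/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:01 1s1AbC-0001Xy-2Z <= domain@serverhost.com U=domain P=local S=812
2024-05-01 10:00:02 1s1AbC-0001Xy-2Z => someone@example.net R=dkim_lookuphost T=dkim_remote_smtp
2024-05-01 10:00:02 1s1AbC-0001Xy-2Z Completed
2024-05-01 10:00:05 cwd=/home/domain/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:05 1s1AbD-0001Xz-3A <= domain@serverhost.com U=domain P=local S=799
2024-05-01 10:00:06 cwd=/ 2 args: /usr/sbin/exim -q
EOF

echo "== sending directories =="
cwd_counts "$SAMPLE"

echo "== transactions from domain@serverhost.com =="
for id in $(ids_from_sender "$SAMPLE" domain@serverhost.com); do
  transaction "$SAMPLE" "$id"
  echo "--"
done
```

On a real server, pass /var/log/exim_mainlog instead of the sample file; the `U=` value on each arrival line names the account that submitted the message.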
