SPAM Email getting sent through default email ( I think )
I have a site where I am fighting some SPAM emails from being sent through our server. These are clearly SPAM emails you can see that in the attached image. I need to get them stopped but what I have tried so far has not worked completely. They have however slowed down slightly but not completely.
There are no emails on the cPanel account other than the default email that I cannot turn off.
This is what I have done ...
Changed Password on the cPanel Account which then in turn changes the password on the default email account.
Made sure nobody sending emails is turned on
Made sure SMTP restriction is turned on
What else is there to do? Or what should I add to my list?
-
Hey there! Your best option would be to look through the Exim logs as outlined here:
to parse the Exim log and see where messages are coming from. Here is an example from my personal server, although I don't have much mail activity:# awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr 508 cwd=/etc/csf 81 cwd=/var/spool/exim
That would at least tell you the directories that are sending email.0 -
I know what account it is coming from. I just dont know how to make it stop. 0 -
Knowing the account is only half the battle. Those logs would show the exact directory the mail is being sent from, which should help you find the location of the script that is sending the message, if it is an automated script. 0 -
So when I run that it gives me just the directory of the account ... not a subdirectory to go look in a folder for files / code that is sending an email. Is there another command to drill down into that? 0 -
No, that would indicate the email is coming from that directory. That means you'd want to check /home/username (or whatever specific directory it says) for files that could be sending the email. 0 -
what can I infer from this? 47692 cwd=/var/spool/exim 0 -
That would be how many total messages have been sent from your server since the last time the Exim log was rotated. 0
Please sign in to leave a comment.
Comments
7 comments