Skip to main content
We are aware of an issue after updating to cPanel versions 11.110.0.65, 11.126.0.21, or 11.128.0.11, some cPanel plugins or features are no longer functioning properly including WP Toolkit. Presently, updates for releases are temporarily disabled while we continue working on a solution for the missing addon features directory. Please see the following article for more information and updates:
Update to latest cPanel 110, 126, or 128 versions removes "addonfeatures" directory.

SPAM Source Identification not possible..

musti19
Hello, last days my system sends/receive spam mails and i cant find out where the problem is. the spams were sent over the additional exim mail IP. Currently i have CSF Firewall and limitation for cPanel User (maximum percentage failed...) Lot of spam mails to a spefic email adress: [bounce] to username @ hotmail.com: 1VJA2p-0004Ud-BK-H mailnull 47 12 <> 1378766095 0 -ident mailnull -received_protocol local -body_linecount 54 -max_received_linelength 130 -allow_unqualified_recipient -allow_unqualified_sender -frozen 1378766097 -localerror XX 1 username @ domain.com.br 157P Received: from mailnull by EDITED with local (Exim 4.80.1) id 1VJA2p-0004Ud-BK for username @ domain.com.br; Tue, 10 Sep 2013 00:34:55 +0200 048 X-Failed-Recipients: root@MY Serverdom 029 Auto-Submitted: auto-replied 065F From: Mail Delivery System EDITED> 028T To: username@ domain.com.br 059 Subject: Mail delivery failed: returning message to sender 054I Message-Id: EDITED> 038 Date: Tue, 10 Sep 2013 00:34:55 +0200
FROM username @ hotmail.com (4 emails in queue) : 1VJBdC-0002gn-1X-H mailnull 47 12 1378772194 0 -helo_name localhost -host_address 127.0.0.1.52360 -host_name localhost -interface_address 127.0.0.1.25 -received_protocol esmtp -aclc _authenticated_local_user 4 root -body_linecount 17 -max_received_linelength 69 XX 1 username @ peoplepc.com 224P Received: from localhost ([127.0.0.1]:52360) by EDITED with esmtp (Exim 4.80.1) (envelope-from ) id 1VJBdC-0002gn-1X for username @ peoplepc.com; Tue, 10 Sep 2013 02:16:34 +0200 059F From: username here. 033R Reply-To: username @ gmail.com 021 Subject: RE: URGENT! 018 MIME-Version: 1.0 025 Content-Type: text/plain 032 Content-Transfer-Encoding: 8bit
can anyone help me, thank you

Comments

3 comments

Date Votes
  • cPanelMichael
    Hello :) Try checking your mail queue to see if additional SPAM messages still exist in the queue: "WHM Home " Email " Mail Queue Manager" You can look at the message header and body to see if you can find out if an actual username authenticated, or if it was sent from a script. The following document is useful if you want to prevent email abuse: cPanel - Prevent Email Abuse Thank you.
    0
  • musti19
    hello, i cant see any usernames in message header or body. This is why i asked for other ways to find the source problem :) The steps except: "Step 3 suphp", is already configured. i use fcgi.
    0
  • cPanelMichael
    It's possible that the message was sent out by an authenticated email account. It's difficult to determine the exact source or to know if an account username was listed in the email headers because those aspects were edited out of your original message. Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post