Emails from
Hello,
Please see the log below:
-----------
2013-09-18 23:11:29 [338260] cwd=/home/user21 3 args: /usr/sbin/sendmail -fuser21@example.com -t
2013-09-18 23:11:30 [338260] 1VMUeP-001Pzo-Mj <= user21@example.com U=user21 P=local S=768 T="Re:See why you need a web designer's help - My Email address has changed" from for melissa@externaldomain.com
-----------
The above account 'user21' is sending spam.
I could see there are no mail scripts in /home/user21. Also, the user does not have shell access.
How could the mails possibly be sent?
Please advise.
Thanks in advance.
[quote="bijojerome, post: 1464571"]I could see there are no mail scripts in /home/user21. Also, the user does not have shell access.[/quote]
Check directory /home/user21/public_html including all subdirectories.
Hello :) Are you positive there are no files in the account's home directory or within any subdirectories beneath it with the ability to send emails? Try using the "grep" command to search for "mail" within these files to help figure out which script is responsible. Thank you.
Yes, check for the word "mail" under the directory /home/user21/public_html:

# grep -irl 'mail' /home/user21/public_html/

There should be some spam script hidden under this directory or so. Try the below and see whether you got a company with the "user21" on your server?

tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5
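An added example, not posted by anyone in this thread: the `cwd=` line in the log above records the directory the sendmail binary was started from, so joining it to the `<=` arrival line on the `[pid]` field shows which directories are injecting mail. The function names, the `/home/user21/public_html/site/tmp` path and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the exim_mainlog layout shown in
# the post: "date time [pid] cwd=DIR ..." followed by "date time [pid] ID <= ...".

# Count locally injected messages per (user, working directory) by joining
# the cwd= line and the "<=" arrival line on the [pid] field.
sendmail_sources() {
    awk '
        # Remember the directory each sendmail/exim process was started from.
        $4 ~ /^cwd=/ { cwd[$3] = substr($4, 5); next }
        # Local arrival (P=local) logged by a pid we already have a cwd for.
        $5 == "<=" && / P=local / && ($3 in cwd) {
            user = "?"
            for (i = 6; i <= NF; i++)
                if ($i ~ /^U=/) { user = substr($i, 3); break }
            n[user " " cwd[$3]]++
            delete cwd[$3]
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample log: three local injections, one queue-runner cwd line
# and one inbound SMTP arrival (the last two must not be counted).
make_sample_log() {
    cat > "$1" <<'EOF'
2013-09-18 23:11:29 [338260] cwd=/home/user21 3 args: /usr/sbin/sendmail -fuser21@example.com -t
2013-09-18 23:11:30 [338260] 1VMUeP-001Pzo-Mj <= user21@example.com U=user21 P=local S=768 T="sample 1" for a@externaldomain.com
2013-09-18 23:11:31 [338301] cwd=/home/user21/public_html/site/tmp 3 args: /usr/sbin/sendmail -t -i
2013-09-18 23:11:31 [338301] 1VMUeQ-001Pzz-Aa <= user21@example.com U=user21 P=local S=801 T="sample 2" for b@externaldomain.com
2013-09-18 23:11:32 [338355] cwd=/home/user21/public_html/site/tmp 3 args: /usr/sbin/sendmail -t -i
2013-09-18 23:11:32 [338355] 1VMUeR-001Q05-Bb <= user21@example.com U=user21 P=local S=799 T="sample 3" for c@externaldomain.com
2013-09-18 23:11:33 [338400] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1VMUeP-001Pzo-Mj
2013-09-18 23:11:34 [338410] 1VMUeS-001Q0B-Cc <= d@remote.example H=mail.remote.example [192.0.2.10] P=esmtp S=1200 for user21@example.com
EOF
}

log=$(mktemp)
make_sample_log "$log"
sendmail_sources "$log"    # one line per source: count, user, directory
rm -f "$log"
```

On a real server, pass `/var/log/exim_mainlog` as the argument; the directories with the highest counts are the first places to look for the sending script.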