Who is sending spam?
We have one strange account that sends a lot of spam messages. But we are unable to find out how they perform this. Look at the returned message:
Return-path:
Received: from dym by xxx.com with local (Exim 4.80.1)
	(envelope-from )
	id 1VdN4J-0007cB-3B
	for grrund@hotmail.com; Mon, 04 Nov 2013 11:31:59 -0500
From: =?UTF-8?B?S2F0aHJpbmUgRGl2ZXJz?=
To: grrund@hotmail.com
Subject: =?UTF-8?B?WW91IGdvdCBhIFBFUlNPTkFMIE1FU1NBR0UgZnJvbSBLYXRocmluZSBEaXZlcnM=?=
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="=_3ca0c6251c04e46c9c7c4c82365d7e44"
Message-Id:
Sender:
Date: Mon, 04 Nov 2013 11:31:59 -0500
As you see, user "dym" is sending spam. But this user does not have shell access, no jobs in crontab, and no suspicious scripts in the account. To avoid problems with IP blacklisting, I've set "Maximum Hourly Email by Domain Relayed" to 2. So we have about 2 GB of messages per day returned to the main email account. But this is not a good solution... Need help!
Hello :) Have you tried changing the password for the account to see if the messages continue? Have you reviewed the /var/log/exim_mainlog file to get a better idea of what types of messages are sent out? The following document may also be helpful: cPanel - Prevent Email Abuse Thank you.
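One way to carry out the suggested review of /var/log/exim_mainlog, as an added example that is not part of the original thread: this Python sketch tallies locally injected mail per user (U= with P=local, which corresponds to the "with local" in the returned message's Received header), authenticated SMTP logins (A=), and the working directories from which the sendmail binary was called. The log lines and the name `exampleuser` are constructed samples, and the cwd= lines assume Exim's log_selector includes +arguments.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (not from the poster's server).
SAMPLE_LOG = """\
2013-11-04 11:31:58 cwd=/home/exampleuser/public_html/img 3 args: /usr/sbin/sendmail -t -i
2013-11-04 11:31:59 1AbCdE-000001-Aa <= exampleuser@host.example U=exampleuser P=local S=2210 T="You got a message"
2013-11-04 11:31:59 1AbCdE-000001-Aa => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2013-11-04 11:32:00 cwd=/home/exampleuser/public_html/img 3 args: /usr/sbin/sendmail -t -i
2013-11-04 11:32:01 1AbCdF-000002-Bb <= exampleuser@host.example U=exampleuser P=local S=2198 T="U=root P=local"
2013-11-04 11:32:05 1AbCdG-000003-Cc <= bob@example.org H=(pc) [198.51.100.7] P=esmtpa A=dovecot_login:bob@example.org S=901 T="Invoice"
2013-11-04 11:32:06 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
"""

# Anchor on the timestamp (and optional [pid]) so text inside a subject cannot match.
TS = r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?:\[\d+\] )?"
CWD_RE = re.compile(TS + r"cwd=(\S+) \d+ args: (\S+)")
ARRIVAL_RE = re.compile(TS + r"\S+ <= \S+ (.*)$")


def summarize(log_text):
    """Return (local_users, auth_logins, sendmail_cwds) as Counters."""
    local_users, auth_logins, cwds = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = CWD_RE.search(line)
        if m:
            # Count only calls to the sendmail binary, not queue runners.
            if m.group(2).endswith("/sendmail"):
                cwds[m.group(1)] += 1
            continue
        m = ARRIVAL_RE.search(line)
        if not m:
            continue
        # Drop the subject first: T="..." is sender-controlled and may hold fake fields.
        head = m.group(1).split(' T="', 1)[0]
        fields = dict(tok.split("=", 1) for tok in head.split() if "=" in tok)
        if fields.get("P") == "local" and "U" in fields:
            local_users[fields["U"]] += 1   # injected by a process running as this user
        elif "A" in fields:
            auth_logins[fields["A"]] += 1   # submitted over authenticated SMTP
    return local_users, auth_logins, cwds


if __name__ == "__main__":
    for name, counter in zip(("local U=", "auth A=", "sendmail cwd"), summarize(SAMPLE_LOG)):
        print(name, counter.most_common(5))
```

A high count under one cwd usually points at the directory holding the script that calls sendmail, while a high A= count points at a mailbox whose password is being used over SMTP.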