Queue very huge - Spamming?
Hello
For some days now, in my queue (exim) I have seen a lot of emails from Google accounts to our accounts, but using names of one domain inside my server (returned emails). I mean:
It seems that: An account/website/ is infected, is sending emails with for, after the returned emails go back account. The queue is around 1000 in 1 hour. I can't tell how I can see it because it's using user=mailnull, and I don't know which user it is using. Any help? Best Regards
#exim -Mvl 1VoYIi-000PnS-5L
2013-12-05 12:45:05 Received from <> R=1VoYIh-000PnE-TG U=mailnull P=local S=2881 T="Mail delivery failed: returning message to sender"
2013-12-05 12:45:09 SMTP error from remote mail server after RCPT TO:: host aspmx.l.google.com [173.194.78.26]: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 bo12si1008868wib.66 - gsmtp
2013-12-05 12:45:09 nonaxp@google.com R=dkim_lookuphost T=dkim_remote_smtp: SMTP error from remote mail server after RCPT TO:: host aspmx.l.google.com [173.194.78.26]: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 bo12si1008868wib.66 - gsmtp
*** Frozen (delivery error message)
#exim -Mvb 1VoYIi-000PnS-5L
Return-path:
Received: from cpe-c83a353d88c8.cpe.cableonda.net ([190.219.233.231]:26822)
by server with esmtp (Exim 4.82)
(envelope-from )
id 1VoYIh-000PnE-TG
for dionne@mydomain.com; Thu, 05 Dec 2013 12:45:04 +0000
Received: from apache by kdlqijaimrrgkdadi.bmatter.com with local (Exim 4.63)
(envelope-from <>)
id 9M089L-KIWFUF-ML
for ; Thu, 5 Dec 2013 07:48:37 -0500
To:
Subject: Job offer match, respond to apply
-
Hello :) Try opening one of the SPAM messages in the mail queue and see if the message headers provide you with any additional information. You can enable the following option under the "Mail" tab in "WHM >> Server Configuration >> Tweak Settings": Track email origin via X-Source email headers
This may provide more information in the headers of future emails sent from the server. Also, the following document is helpful for preventing email abuse: cPanel - Prevent Email Abuse Thank you.
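Added example, not part of the original thread and not cPanel or Exim code: a small Python triage helper for the header check suggested above. It classifies message text, such as the exim -Mvb output in the question, by the topmost Received: header, to show whether mail entered from a remote host, an authenticated SMTP login or a local user. The names origin, tally and SAMPLES are introduced here, and it assumes Exim's default Received: layout as seen in the post.

```python
import re
from collections import Counter

# Topmost Received: header in Exim's default layout, as seen in the post.
TOP_RECEIVED = re.compile(r"^Received: from (.+?)\s+by \S+ with (\w+)", re.M | re.S)
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}  # Exim protocol names for authenticated SMTP

def origin(message):
    """Classify one message by its topmost Received: header.

    Only that header was written by the local server; Received: lines
    below it were supplied by the sender and can be forged.
    """
    m = TOP_RECEIVED.search(message)
    if not m:
        return ("unknown", None)
    source, protocol = m.group(1), m.group(2)
    if protocol == "local":
        # Submitted on this server; source is the submitting local user.
        return ("local-user", source.split()[0])
    ip = BRACKETED_IP.search(source)
    peer = ip.group(1) if ip else source.split()[0]
    if protocol in AUTH_PROTOCOLS:
        return ("authenticated-smtp", peer)
    return ("remote-smtp", peer)

def tally(messages):
    """Count messages per (kind, source) so the dominant origin stands out."""
    return Counter(origin(m) for m in messages)

# Constructed samples: the first reuses header lines shown in the post, the
# other two are invented (exampleuser and 203.0.113.7 are placeholders).
SAMPLES = [
    "Received: from cpe-c83a353d88c8.cpe.cableonda.net ([190.219.233.231]:26822)\n"
    "\tby server with esmtp (Exim 4.82)\n"
    "\tid 1VoYIh-000PnE-TG\n"
    "Received: from apache by kdlqijaimrrgkdadi.bmatter.com with local (Exim 4.63)\n"
    "Subject: Job offer match, respond to apply\n",
    "Received: from exampleuser by server with local (Exim 4.82)\n"
    "Subject: constructed local submission\n",
    "Received: from [203.0.113.7] (port=50000 helo=pc)\n"
    "\tby server with esmtpsa (Exim 4.82)\n"
    "Subject: constructed authenticated submission\n",
]

if __name__ == "__main__":
    for (kind, source), count in tally(SAMPLES).most_common():
        print(count, kind, source)
```

A queue dominated by remote-smtp entries points at mail arriving from outside, while local-user or authenticated-smtp entries name the account to investigate.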