unknown spam source
Hello :) Could you provide more details about how you became aware your server is sending out SPAM? Are you able to view the headers of these emails? Have you checked /var/log/exim_mainlog for more information? Thank you.
spam emails
My dedicated server is generating spam emails continuously. It does not seem to be from a PHP script. Is there any way to track the culprit? I have been trying to find out for the last week. It generates more than 20 emails a second - please help. Best regards, Deependra
Because of the last amount of email, the server blocked the outgoing email - that is when I came to know about it. I am copying here one of the mails in the queue:

Mail Control Data:
icimod 510 500
1398777168 0
-ident icimod
-received_protocol local
-body_linecount 3
-max_received_linelength 28
-auth_id icimod
-auth_sender icimod@server.domain.org
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
someuser@hotmail.com
Date: Tue, 29 Apr 2014 18:57:48 +0545
From: root@localhost
To: someuser@hotmail.com
Subject: Test mail 405209145
Message-Id:
Received: from domain by server.domain.org with local (Exim 4.82) (envelope-from ) id 1Wf7q4-0004qQ-0n for someuser@hotmail.com; Tue, 29 Apr 2014 18:57:48 +0545
Sender:

Bla-bla-bla
----------------
Best regards
You can block root from sending out emails. I think I did it from "Tweak Settings".
But this is not the solution or finding out the root of the problem. I will try this too. Could this be a cPanel bug or loophole?
[quote="theoxgr, post: 1633161"]you can block root from sending out emails i think i did it from "tweak settings"[/quote]
Sending email by root is already blocked. Any other suggestions?
The message header you provided indicates the "icimod" user is sending out those emails. Is that a user on your system? If so, first try changing the password of that account. You can also search for the term "spam source" on our forums and you will see several threads where methods of spam investigation are discussed. Thank you.
Yes, icimod is the main account. The password has been changed several times. Okay, let me search for spam source in the forum - if any suggestion, I am glad to take on. Best regards,
Hello, Try running the following command:

awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr

This will list the source and the number of messages from each source.
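
An extended version of the command above, as an added example that is not part of the original thread: it leaves Exim's own spool directory out of the cwd count and also counts local submissions per U= user, the field that corresponds to the -auth_id in the queued message. The log lines are constructed samples in exim_mainlog format; the /home/... paths, the second and third message IDs and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in exim_mainlog format (not from the thread's server).
sample_log() {
cat <<'EOF'
2014-04-29 18:57:47 cwd=/home/icimod/public_html/cache 3 args: /usr/sbin/sendmail -t -i
2014-04-29 18:57:48 1Wf7q4-0004qQ-0n <= icimod@server.domain.org U=icimod P=local S=421 T="Test mail 405209145" for someuser@hotmail.com
2014-04-29 18:57:48 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Wf7q4-0004qQ-0n
2014-04-29 18:57:49 cwd=/home/icimod/public_html/cache 3 args: /usr/sbin/sendmail -t -i
2014-04-29 18:57:49 1Wf7q5-0004qX-1b <= icimod@server.domain.org U=icimod P=local S=419 T="Test mail 405209146" for other@example.com
2014-04-29 18:58:02 cwd=/home/example/public_html 3 args: /usr/sbin/sendmail -t -i
2014-04-29 18:58:02 1Wf7qI-0004rA-2c <= example@server.domain.org U=example P=local S=980 T="Order receipt P=local" for buyer@example.net
EOF
}

# Messages handed to Exim per working directory. Exim's own delivery and
# queue-runner processes run from the spool directory, so they are skipped.
count_by_cwd() {
    awk '$3 ~ /^cwd=/ && $3 != "cwd=/var/spool/exim" {
            sub(/^cwd=/, "", $3); n[$3]++
         }
         END { for (d in n) print n[d], d }' "$1" | sort -k1,1nr -k2
}

# Locally submitted messages (P=local) per submitting system user (U=).
count_local_by_user() {
    awk '$4 == "<=" {
            user = ""; is_local = 0
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^T=/) break          # subject text follows; ignore it
                if ($i ~ /^U=/) user = substr($i, 3)
                if ($i == "P=local") is_local = 1
            }
            if (is_local && user != "") n[user]++
         }
         END { for (u in n) print n[u], u }' "$1" | sort -k1,1nr -k2
}

# Use the log given as the first argument, or fall back to the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    log=$1; tmp=""
else
    tmp=$(mktemp); sample_log > "$tmp"; log=$tmp
fi
echo "== messages per working directory =="; count_by_cwd "$log"
echo "== local submissions per user ==";     count_local_by_user "$log"
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

A directory under a user's home with a high count points at the script calling sendmail; a high U= count with no matching cwd lines suggests the messages are being submitted some other way under that account.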