Email Spamming / Mail Queue problem

Ari Widya Putra

• January 04, 2015 11:03

helo, this email is caused my mail queue full and never stop, i guess it send spam from my hosting. please help me to stop this. email username@cloud.domain.net is not exist in my hosting email account username is username of my cpanel hosting cloud.domain.net is my subdomain
Headers spool file 1Y7oK9-0002rL-Jl-H username 500 500 1420390001 0 -ident username -received_protocol local -body_linecount 123 -max_received_linelength 94 -auth_id ajcosnet -auth_sender username@cloud.domain.net -allow_unqualified_recipient -allow_unqualified_sender -deliver_firsttime -local XX 1 pierre.otheruser@domain.com 212P Received: from username by cloud.domain.net with local (Exim 4.82) (envelope-from ) id 1Y7oK9-0002rL-Jl for pierre.otheruser@domain.com; Sun, 04 Jan 2015 23:46:42 +0700 033T To: pierre.otheruser@domain.com 029 Subject: Postal Notification 050F From: "FedEx SameDay" 026 X-Mailer: Oudmlr(ver.3.4) 054R Reply-To: "FedEx SameDay" 018 Mime-Version: 1.0 081 Content-Type: multipart/alternative;boundary="----------142039000154A96E718BEBA" 055I Message-Id: 038 Date: Sun, 04 Jan 2015 23:46:41 +0700 Data spool file 1Y7oK9-0002rL-Jl-D ------------142039000154A96E718BEBA Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit FedEx Dear Customer, Your parcel has arrived at December 29. Courier was unable to deliver the parcel to you. To receive your parcel, print this label and go to the nearest office. Get Shipment Label FedEx 1995-2014 ------------142039000154A96E718BEBA Content-Type: text/html; charset="ISO-8859-1"; Content-Transfer-Encoding: 7bit

	FedEx
	Dear Customer, Your parcel has arrived at December 29. Courier was unable to deliver the parcel to you. To receive your parcel, print this label and go to the nearest office.
		Get Shipment Label
	FedEx 1995-2014

------------142039000154A96E718BEBA--
please advice Thanks :)

• 

  John

  • January 04, 2015 20:20

  Seems like mails are generated from malicious scripts, Try this link /http://blog.rimuhosting.com/2012/09/20/finding-spam-sending-scripts-on-your-server/

  0
• 

  cPanelMichael

  • January 06, 2015 15:14

  Hello :) Try running the following command:
  awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
  This may help determine which directory most the SPAM is coming from. Thank you.

  0

Please sign in to leave a comment.