CBL SPAM problem
Hello,
Our server IP is always marked as SPAM in the CBL database; they don't give us good info about what the exact problem is.
IP Address XXXXX is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.
It was last detected at 2015-01-03 17:00 GMT (+/- 30 minutes), approximately 2 days, 16 hours, 30 minutes ago.
It has been relisted following a previous removal at 2015-01-02 08:22 GMT (4 days, 1 hours, 7 minutes ago)
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
Our server's PHP mail is disabled and users can only send email via SMTP. I checked SMTP and there is no email sent from unauthorized users. How can I check this issue? Regards
Hello :) You may find the following thread helpful: Locate Spam Activity. Thank you.
This method was used before, but I can't find any user with abnormal activity.
Did you review /var/log/exim_mainlog for any suspicious or unknown email activity? Thank you.
Nothing found there, but I see on the CBL site only this: unknown18950 -
Could you elaborate on how you searched the Exim logs? For instance, did you review the timestamps or did you grep the email address/user? Thank you.
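One way to do the timestamp review asked about above, as an added example that is not part of the original thread: it keeps only Exim mainlog entries inside the CBL detection window (2015-01-03 17:00 GMT, +/- 30 minutes) and counts arrivals by authenticated login, by local user, and by the working directory of sendmail calls. The function name and the sample log lines are constructed for illustration, and the log timestamps are assumed to be in GMT.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in Exim mainlog format; addresses, users and paths are made up.
SAMPLE_LOG = """\
2015-01-03 16:20:01 1Y7aaa-0001Aa-1A <= alice@example.com H=(pc1) [203.0.113.5] P=esmtpa A=dovecot_login:alice@example.com S=2101
2015-01-03 16:41:10 cwd=/home/bob/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2015-01-03 16:41:10 1Y7aab-0001Ab-2B <= bob@srv.example.com U=bob P=local S=734
2015-01-03 16:41:12 cwd=/home/bob/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2015-01-03 16:41:12 1Y7aac-0001Ac-3C <= bob@srv.example.com U=bob P=local S=741
2015-01-03 17:05:44 1Y7aad-0001Ad-4D <= carol@example.com H=(pc2) [198.51.100.7] P=esmtpa A=dovecot_login:carol@example.com S=1500
2015-01-03 17:05:45 1Y7aad-0001Ad-4D => dave@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
CWD = re.compile(r"^cwd=(\S+) \d+ args:")   # working directory of a sendmail call
AUTH = re.compile(r" A=[^:\s]+:(\S+)")      # SMTP-authenticated login
LOCAL = re.compile(r" U=(\S+)")             # local system user (script or cron mail)

def activity_in_window(log_text, detected, slack=timedelta(minutes=30)):
    """Count arrivals and sendmail cwd entries within detected +/- slack (log assumed GMT)."""
    found = {"auth": Counter(), "local": Counter(), "cwd": Counter(), "other": Counter()}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if abs(when - detected) > slack:
            continue
        rest = m.group(2)
        cwd = CWD.match(rest)
        if cwd:
            found["cwd"][cwd.group(1)] += 1
        elif " <= " in rest:  # message arrival; delivery lines (=>) are ignored
            auth, local = AUTH.search(rest), LOCAL.search(rest)
            if auth:
                found["auth"][auth.group(1)] += 1
            elif local:
                found["local"][local.group(1)] += 1
            else:
                found["other"][rest.split(" <= ", 1)[1].split()[0]] += 1
    return found

if __name__ == "__main__":
    # Detection time taken from the CBL notice quoted in the thread.
    hits = activity_in_window(SAMPLE_LOG, datetime(2015, 1, 3, 17, 0))
    for kind, counter in hits.items():
        print(kind, counter.most_common(5))
```

If the window comes back empty on the real log, the connection CBL saw may not have gone through Exim at all, which is consistent with the notice's mention of an infected or NATted machine.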