Finding the spam source

musti19

• June 11, 2016 12:24

How is this spam sent? It can not be a email client mail (dovecot) and not a webscript (because not URL header is not shown, on whm it is enabled) Here the delivery event from WHM:
--- Event: success Sender User: -remote- Sender Domain: Sender: abc@abc.com Sent Time: Jun 11, 2016 1:16:17 AM Sender Host: dynamic-ip-adsl-xxxxxxxx Sender IP: xxx.xxx.xxx.xxx Authentication: localdelivery Spam Score: 0 Recipient: abc@abc.com Delivered To: abc@abc.com Delivery User: userxyz (cpanel account number) Delivery Domain: abc.com Router: virtual_user Transport: virtual_userdelivery Out Time: Jun 11, 2016 1:16:17 PM ID: 1bBkeJ-0008Em-90 Delivery Host: localhost Delivery IP: 127.0.0.1 Size: 2.02 KB Result: Accepted --
Any ideas? thanks

• 

  ssfred

  • June 13, 2016 06:24

  Hello The mails span score is 0 and is not treated as spam. Please extract and share the log file entries ( /var/log/exim_mainlog) corresponding to the mail for a better analysis.

  0
• 

  24x7server

  • June 13, 2016 16:05

  Hello :), Your spam mail ID is 1bBkeJ-0008Em-90, So please login your server with the SSH and try to check mail logs with following command.
  grep 1bBkeJ-0008Em-90 /var/log/exim_mainlog
  

  0
• 

  cPanelMichael

  • June 16, 2016 17:46

  Hello, Yes, as mentioned, let us know the output from /var/log/exim_mainlog for this message with a command such as:
  exigrep MSDID /var/log/exim_mainlog
  Ensure you post the output in CODE tags, removing any identifying information about your domain name or server. Thank you.

  0

Please sign in to leave a comment.