Spam email is sent using my own account
How is it that spammers are able to send email with the FROM: field using my email address? I only found out about it because the spammer put my address in the FROM and the TO fields, and then my server marked that email as spam:
The mail server detected your message as spam and has prevented delivery (31).
I have changed the password for this particular POP account, but the spam email continues to bounce and come back to me. How are the spammers doing this?
Thank you!
Hi, This thread may be of some use to you: Something is sending spam emails from random generated emails @mydomain
Hello, The following documents explain the best practices to follow to avoid this type of problem: How to Keep your Email out of the Spam Folder - cPanel Knowledge Base - cPanel Documentation
I have implemented these suggestions and yet the problem continues. Any other ideas?
Could you provide some additional information about these messages, such as the message header, and the corresponding entry in /var/log/exim_mainlog? Ensure you post the output in CODE tags, and remove any real domain names or IP addresses. Thank you.
Yes, here is the full header:
Content-Type: multipart/report; report-type=delivery-status; boundary=1466770286-eximdsn-1804289383
Auto-Submitted: auto-replied
Mime-Version: 1.0
Envelope-To: robert@domain.com
Return-Path: <>
Delivery-Date: Fri, 24 Jun 2016 06:11:27 -0600
Message-Id:
X-Failed-Recipients: robert@domain.com
Received: from mailnull by server.domain.com with local (Exim 4.87) id 1bGPxG-00083t-Rz for robert@domain.com; Fri, 24 Jun 2016 06:11:26 -0600
Mail delivery failed: returning message to sender
I can tail the main exim log for things happening in the moment, but I'm unsure how to find a transaction that happened several hours ago. Can I use the Mail Delivery Reports feature in WHM to find what you are looking for? Thank you!!
You can search for a message via the command line with a command such as:
exigrep MSGID /var/log/exim_mainlog
Or, through "WHM >> Mail Delivery Reports". This option is documented at: Mail Delivery Reports - Documentation - cPanel Documentation
Thank you.
Message-Id: Then I did the following at the prompt:
exigrep E1bGPxG-00083t-Rz /var/log/exim_mainlog
A few seconds later the prompt returned, apparently nothing happened. Did I do this right? By the way, what exactly should I be looking for? This will solve the problem as to why spammers can send email and make it look like it came from my own POP account? Thanks!
Hello :), Can you please try to check your old exim_mainlog files, which are stored in the /var/log directory.
Didn't you read what I said above?
Hello, You can search for the email address as well. For example:
exigrep user@domain /var/log/exim_mainlog*
You are checking to see if the message came from your system, or if it was spoofed and the remote server did not have SPF checking enabled. You may also find this thread helpful if you want to verify the messages aren't coming from a PHP script: Find scripts responsible for sending out spam
Thank you.
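Added example, not part of the thread and not cPanel's own tooling: one way to read the arrival ("<=") lines that exigrep returns and tell whether a message was submitted on this server, sent with the account's SMTP login, or arrived unauthenticated from a remote host (spoofed From). The function names and the sample log lines are constructed for illustration, and the default Exim mainlog layout (date, time, message id, then "<=") is assumed.

```shell
#!/bin/sh
# Added example: classify Exim "<=" (arrival) lines by how each message entered
# the server. Assumes the default mainlog layout: date, time, message id, "<=".

classify_arrivals() {
    # Reads exim_mainlog lines on stdin; prints "MSGID ORIGIN DETAIL" per arrival.
    awk '
    $4 == "<=" {
        id = $3; sender = $5
        auth = ""; user = ""; proto = ""; ip = ""; ref = ""
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^T=/) break                      # subject text follows
            else if ($i ~ /^A=/) auth = substr($i, 3)  # SMTP AUTH login used
            else if ($i ~ /^U=/) user = substr($i, 3)  # local Unix user
            else if ($i ~ /^P=/) proto = substr($i, 3) # protocol (local, esmtp, ...)
            else if ($i ~ /^R=/) ref = substr($i, 3)   # message this bounce refers to
            else if ($i ~ /^\[/) ip = $i               # remote address
        }
        if (sender == "<>")        print id, "bounce", "ref=" ref
        else if (auth != "")       print id, "authenticated-smtp", "login=" auth
        else if (proto == "local") print id, "local-submission", "user=" user
        else                       print id, "remote-unauthenticated", "from=" ip
    }'
}

sample_log() {
    # Constructed log lines (not from the thread); addresses are documentation ranges.
    cat <<'EOF'
2016-06-24 06:11:20 1bEXAM-000001-AA <= robert@example.com H=(mail.example.net) [192.0.2.10]:51234 P=esmtp S=2345 T="Hello" for robert@example.com
2016-06-24 06:11:26 1bEXAM-000002-BB <= <> R=1bEXAM-000001-AA U=mailnull P=local S=3456 T="Mail delivery failed: returning message to sender" for robert@example.com
2016-06-24 06:12:00 1bEXAM-000003-CC <= robert@example.com H=(laptop) [198.51.100.7]:40000 P=esmtpa A=dovecot_login:robert@example.com S=900 T="Real mail" for friend@example.org
2016-06-24 06:13:00 1bEXAM-000004-DD <= someuser@server.example.com U=someuser P=local S=700 T="Form mail" for x@example.org
2016-06-24 06:13:01 1bEXAM-000004-DD => x@example.org R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.org [203.0.113.5]
EOF
}

sample_log | classify_arrivals
```

On a live server the input would be `exigrep user@domain /var/log/exim_mainlog* | classify_arrivals`; for a bounce, the `ref=` id is the message to look up next.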