System account is trying to send spam
A cPanel account is trying to send spam, which is currently staying in the Mail Queue, but it got so huge (1 million) that it used all the VPS inodes for storage.
I would like to prevent it from generating the mail in the first place, or at least discard it instead of letting it stay in the queue.
A typical email looks like:
Sender User: cpanelaccount
Sender Domain: cpanelaccountmaindomain
Sender: madeup@cpanelaccountmaindomain
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: localuser
With that in mind, I'm looking for a rule that checks that the "sender" address exists on the server, but I can't find it.
What does "Authentication: localuser" mean? That any local user can send emails without a password? Can this be restricted?
-
Hello,
It's possible the messages were sent without SMTP authentication or with a spoofed "FROM" address. Try using a command like this to track down the source of SPAM if it's coming from a script:

    awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog | sort | uniq -c | sort -n

The following documents are great starting points when attempting to stop email abuse:
How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation
How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation
Thank you.
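The one-liner from the reply above, extended as an added example (not part of the original reply and not cPanel tooling): it groups the cwd= lines by account as well as by directory and applies a minimum count. The function names, the threshold argument and the sample log lines are constructed for illustration; it assumes the "DATE TIME cwd=/path N args: ..." line layout that the reply's awk command relies on.

```shell
#!/bin/sh
# cwd_summary LOGFILE [MIN]
# Prints "count account directory" for every directory under /home that
# appears in at least MIN cwd= lines, busiest first. LOGFILE may be "-"
# to read standard input. Paths containing spaces are not handled,
# because the directory is taken from whitespace-separated field 3.
cwd_summary() {
    awk -v min="${2:-1}" '
        # Same match as the reply: local submissions started under /home
        $3 ~ /^cwd=\/home\// {
            dir = substr($3, 5)        # strip the "cwd=" prefix
            split(dir, parts, "/")     # "", "home", "<account>", ...
            count[dir]++
            owner[dir] = parts[3]
        }
        END {
            for (d in count)
                if (count[d] >= min)
                    printf "%d %s %s\n", count[d], owner[d], d
        }
    ' "$1" | sort -k1,1nr -k3,3
}

# Constructed sample lines (not real log data) in the exim_mainlog layout.
sample_log() {
    cat <<'EOF'
2024-01-10 03:14:01 cwd=/home/acct1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:14:02 cwd=/home/acct1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:14:02 cwd=/home/acct1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:15:10 cwd=/home/acct2/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:16:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-01-10 03:16:05 cwd=/home/acct1/public_html 4 args: /usr/sbin/sendmail -t -i -fmadeup@example.com
EOF
}

# Show every /home directory seen at least twice in the sample.
sample_log | cwd_summary - 2
```

On a live server the first argument would be /var/log/exim_mainlog, the file named in the reply.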