Skip to main content

server is sending spam mails


1 comment

  • cPRex Jurassic Moderator

    Hey there!  The first thing I would check in this situation would be the Exim log.  That would confirm how the user is sending the message - for example, a message sent from Webmail would show a loal connection like this:

    2024-03-11 09:42:36 SMTP connection from ( [::1]:54898 closed by QUIT

    If that is the case, you would then be able to confirm that your password changes aren't enough to secure the accounts as something is changing the cPanel or Webmail password for the user again, allowing the spammer to log in.

    I'd start there and see if that gives you any helpful clues.


Please sign in to leave a comment.