
Finding Spam Scripts on cPanel

 

If a server is sending lots of spam, and no one knows why, there is a chance that the cause is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here’s a trick that should help.

Log into WHM as root, using the server's root password.
Click on “Exim Configuration Editor” under “Service Configuration”.
Click on the box at the top that says “Switch to Advanced Mode (Edit Raw Configuration File)”.
Paste this into the top box:

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

That line is pretty long, so be sure to copy all of it; it may extend beyond your browser’s window. Most web browsers let you “triple click” the line above to select all of the text and copy it to your clipboard. If yours does not, place your mouse at the far left of “log_selector” and drag to the right until “+tls_peerdn” is highlighted.

Once you’ve copied that into the Exim editor box, scroll all the way down and click the little “Save” button.

Now you’re done in WHM. You can close the window, or leave it open if you plan on coming back to remove your addition to exim.conf. This change will slow Exim a little, so if you have a busy mail server it’s best to remove this modification when you’re done.

Log in to the server via SSH.

Watch the outgoing message log to see what directory messages are being sent from. This command works wonders:

tail -f /var/log/exim_mainlog | grep cwd

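Note: cwd stands for current working directory. The +arguments selector in the line added above is what makes Exim log it, together with the arguments Exim was called with.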
This is quite normal: cwd=/var/spool/exim
This warrants investigation, but might be legit: cwd=/tmp
This is generally bad: cwd=/home/h4x0r/public_html/forums/tmp
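Watching the live tail works for spotting a burst, but a per-directory count over the whole log shows which directory is responsible for the most submissions. The script below is an added example, not part of the original post. The sample log lines and the user name exampleuser are constructed, and treating every path under /home/ like the post's "generally bad" example is an assumption.

```shell
#!/bin/sh
# Added example: count Exim "cwd=" log entries per directory, busiest first,
# and label each directory using the three cases from the note above.

# Constructed sample lines in the format Exim writes when +arguments is set.
sample_log() {
    cat <<'EOF'
2025-01-10 03:12:01 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2025-01-10 03:12:04 cwd=/home/exampleuser/public_html/forums/tmp 3 args: /usr/sbin/sendmail -t -i
2025-01-10 03:12:04 1tW0aB-0001Xy-2K <= exampleuser@host.example.test U=exampleuser P=local S=1532
2025-01-10 03:12:05 cwd=/home/exampleuser/public_html/forums/tmp 3 args: /usr/sbin/sendmail -t -i
2025-01-10 03:12:06 cwd=/home/exampleuser/public_html/forums/tmp 3 args: /usr/sbin/sendmail -t -i
2025-01-10 03:12:09 cwd=/tmp 3 args: /usr/sbin/sendmail -t -i
2025-01-10 03:13:01 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
EOF
}

# Reads log files given as arguments, or stdin when none are given.
# Output: count <TAB> label <TAB> directory
cwd_summary() {
    awk '
        # Match " cwd=<dir> <argc> args:" so directories containing spaces survive.
        match($0, / cwd=\/.* [0-9]+ args:/) {
            dir = substr($0, RSTART + 5, RLENGTH - 5)   # drop leading " cwd="
            sub(/ [0-9]+ args:$/, "", dir)              # drop trailing argc marker
            count[dir]++
        }
        END {
            for (dir in count) {
                if (dir == "/var/spool/exim")                label = "normal"
                else if (dir == "/tmp" || dir ~ /^\/tmp\//)  label = "investigate"
                else if (dir ~ /^\/home\//)                  label = "generally-bad"  # assumption
                else                                         label = "unclassified"
                printf "%d\t%s\t%s\n", count[dir], label, dir
            }
        }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Demo on the constructed sample; on a server: cwd_summary /var/log/exim_mainlog
sample_log | cwd_summary
```

A directory at the top of this list that belongs to a web application is where to start looking for the script that is handing mail to Exim.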


Vishwajit Kale