If a server is sending lots of spam, and no one knows why, there is a chance that the cause is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here’s a trick that should help.
Log into WHM with root and the root password of the server.
Click on “Exim Configuration Editor” under “Service Configuration”.
Click on the box at the top that says “Switch to Advanced Mode (Edit Raw Configuration File)”.
Paste this into the top box:
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
That line is pretty long, be sure to copy all of it and realize it may span beyond your browser’s window. Most web browsers should allow you to “triple click” in the above field and copy all of the text to your clip board but if not simply place your mouse on the far left of “log_selector” and drag the mouse to your right until you have “+tls_peerdn” highlighted.
Once you’ve copied that into the Exim editor box, scroll all the way down and click the little “Save” button.
Now you’re done in WHM. You can close out of the window, or leave it open if you plan on coming back to remove your addition to the Exim.conf. This change will slow Exim a little, so if you have a busy mailserver it’s best to remove this modification when you’re done.
Login to the server via ssh.
Watch the outgoing message log to see what directory messages are being sent from. This command works wonders:
tail -f /var/log/exim_mainlog | grep cwd
Note: cwd stands for current working directory.
This is quite normal: cwd=/var/spool/exim
This warrants investigation, but might be legit: cwd=/tmp
This is generally bad: cwd=/home/h4x0r/public_html/forums/tmp
Are you ready for another cPanel price adjustment? As we have approached January 2025, cPanel has rolled out significant changes…
In this growing digital world, having a website is not enough—it’s a crucial and much-needed option. But here's the challenge…
In today's digital age, the line between hobby photography and professional photography has become increasingly blurred. With the rise of…
Are you taking your first steps into the world of web hosting? You're not alone. Every day, countless individuals and…
Due to growing digitalization, Email Communication has become the backbone of professional interactions. Yet, surprisingly, many professionals struggle to craft…
