
spam emails from domains on my server

Posted: Fri May 29, 2015 6:49 pm
by djeglin
So I noticed that my server seemed to get unreliable recently, at which point I noticed that my exim queue was hundreds of thousands of messages long. I had recently tried to set up email on one of my domains but my server IP was blacklisted. Now I understand why!

It seems that even after disabling email for the offending domains in Vesta, the domains are still able to send email with exim?

So, I have several questions -

1. How might they be getting access?
2. How can I stop them?
3. Why is the queue still rising even when exim is disabled in Vesta?
4. How can I tell where the intrusion is initiating from and block it?

Any help much appreciated. Cheers!

Re: spam emails from domains on my server

Posted: Sun May 31, 2015 7:51 pm
by skurudo
Use mailq to see your log queue.

exim -Mvh <message-id-from-queue>    # show the message headers
exim -Mvb <message-id-from-queue>    # show the message body

Search for the PHP script which is sending all this spam mail.
It seems to be from a php-shell.
You can use maldet to search for this php-shell - https://www.rfxn.com/projects/linux-malware-detect/
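
One way to act on the header check suggested above and find the sending PHP script, as an added example that is not part of the original posts. It assumes PHP is running with mail.add_x_header enabled and that exiqgrep (shipped with Exim) is installed; the function names and the sample header dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: tally which PHP scripts submitted the queued mail.
# Assumption: PHP runs with mail.add_x_header enabled, so each message
# carries a header such as "X-PHP-Originating-Script: 1003:mailer.php"
# (uid of the script owner, then the script name).

# Read one or more `exim -Mvh` dumps on stdin, print "count uid:script",
# busiest script first. Header lines in the dump may carry a length/flag
# prefix (for example "046  "), which is stripped if present.
tally_php_scripts() {
    sed -n 's/^\([0-9][0-9]*.\)\{0,1\} *X-PHP-Originating-Script: *//p' |
        sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Dump the headers of the first N queued messages (default 200), so a
# queue of hundreds of thousands of messages is sampled, not walked.
sample_queue_headers() {
    n=${1:-200}
    exiqgrep -i | head -n "$n" | while read -r id; do
        exim -Mvh "$id"
    done
}

# Constructed sample standing in for four concatenated header dumps.
sample_dump() {
    cat <<'EOF'
029T To: someone@example.net
018  Subject: hello
046  X-PHP-Originating-Script: 1003:wp-cache.php
031T To: another@example.org
046  X-PHP-Originating-Script: 1003:wp-cache.php
028T To: third@example.com
045  X-PHP-Originating-Script: 1005:contact.php
030T To: fourth@example.net
046  X-PHP-Originating-Script: 1003:wp-cache.php
EOF
}

# Offline demo on the constructed sample.
sample_dump | tally_php_scripts
# On the server, as root: sample_queue_headers 500 | tally_php_scripts
```

The uid in front of the script name identifies the account that owns the script, which narrows down the web root to scan with maldet.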