How do we stop our Linux webserver from sending SPAM??

Posted on 2006-05-25
Last Modified: 2010-08-05
Hello, any help would be appreciated.

   We use a dedicated server to host our company websites.  One of the sites started sending out spam from our server.
Now there is a mail account on the main server sending out spam.  We are using formMail clone cgi.  I know very little
about Linux systems (no SSH), I am trying to disable only the "account" sending the unauthorized mail without interrupting
email on the rest of the server.  We have no idea how this could have happened or how to fix it.  Any suggestions would
be greatly appreciated!

  Mail Queue is currently trying to send 90,000 messages, help!
Question by:nwrights
    LVL 16

    Accepted Solution


    I would strongly recommend deleting the formMail cgi script as this is probably the problem. With no
    SSH you will be unable to remove mail from the mail queue :(
    LVL 51

    Assisted Solution

    Some versions of formMail are known to be vulnerable to being used as a spam relay; best you disable these scripts and replace them by
    LVL 11

    Assisted Solution

    You mention two factors of interest here. One is "dedicated host" and two is "No SSH". Those two words shouldn't normally be in the same sentence =)

    Recommend you compel the dedicated hosting provider to flush the queue, alter the formMail.cgi or turn it off, and grant you SSH access to the box.

    Be advised there are other problems, though formMail has LONG been known to be an easy victim, you might wish to test that the system isn't also running an open relay here:


    ~K Black
    LVL 5

    Assisted Solution

    Just disabling the account is not the solution.

    First, make sure the server is not set up as an open relay.

    Then find out which script sends out emails. If you find a formmail, delete the file from the server. Install a secure formmail; it will be better to have a formmail with visual confirmation, as a lot of bots send spam mails nowadays.

    If your server has a control panel like cPanel, you can set it to run scripts as the user (other than the user that Apache is running as). With this, you can easily track the abuser.
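
One way to carry out the "find out which script sends out emails" step from the answers above, as an added example that is not part of the original thread: it counts successful requests to form-mail CGI scripts in a web server access log, per script and per client. The log lines are constructed samples, and the filename pattern, the `suspect_scripts` name and the threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Assumption: mail-form scripts are CGI files with "formmail" in the file name.
SCRIPT_RE = re.compile(r'/[^/?]*formmail[^/?]*\.(?:cgi|pl)$', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """
203.0.113.7 - - [25/May/2006:03:10:01 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 200 312 "-" "-"
203.0.113.7 - - [25/May/2006:03:10:02 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 200 312 "-" "-"
203.0.113.7 - - [25/May/2006:03:10:02 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 200 312 "-" "-"
198.51.100.20 - - [25/May/2006:03:10:03 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 200 312 "-" "-"
198.51.100.20 - - [25/May/2006:03:10:04 +0000] "GET /cgi-bin/FormMail.cgi?x=1 HTTP/1.0" 403 210 "-" "-"
192.0.2.15 - - [25/May/2006:09:12:44 +0000] "GET /contact.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.15 - - [25/May/2006:09:13:02 +0000] "POST /shop/cgi-bin/formmail.pl HTTP/1.1" 200 298 "-" "Mozilla/5.0"
"""

def suspect_scripts(lines, threshold=3):
    """Return {script_path: {"hits": n, "clients": Counter}} for mail-form
    scripts that served at least `threshold` successful (2xx) requests."""
    stats = defaultdict(lambda: {"hits": 0, "clients": Counter()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or malformed line
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not SCRIPT_RE.search(path):
            continue  # not a mail-form script
        if not m.group("status").startswith("2"):
            continue  # refused or failed requests sent no mail
        stats[path]["hits"] += 1
        stats[path]["clients"][m.group("ip")] += 1
    return {p: s for p, s in stats.items() if s["hits"] >= threshold}

if __name__ == "__main__":
    for path, s in suspect_scripts(SAMPLE_LOG.splitlines()).items():
        top_ip, top_hits = s["clients"].most_common(1)[0]
        print(f"{path}: {s['hits']} hits, busiest client {top_ip} ({top_hits})")
```

On a real server the threshold would be set well above the volume the contact form normally sees, and the flagged path identifies the script to remove or replace.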
