• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 649
  • Last Modified:

Domain in WHM is sending spame

I have a dedicated server run by cent OS with WHM.
there is a specific domain which was sending spame, i tried all the different ways but was not able to solve them, then i completely deleted that account and re create that again, now domain has stop sending spam but there is still one account which is System and sends unrouteable message to an account xx@abc.com. x was the admin account of domain xx which was deleted after sending the spame.

do you have any solution how to stop this system account to stop sending these untroubled messages?

the screen shot is attached.

thanks
spam.PNG
0
SCAAdmin
Asked:
SCAAdmin
  • 3
  • 3
1 Solution
 
g3nu1n3Commented:
Can you provide the email headers of one of the unrouteable email?
0
 
SCAAdminAuthor Commented:
since this is now sent to an email address which is not present. and i tried to find the header from whm+email+email delevery report but unfortunately i could not, but i had some more info in the attach screen shot , if you can get any idea from it.
remote.pdf
0
 
g3nu1n3Commented:
Unfortunately it is rather difficult to determine the reason a message is still being sent without intimate details regarding the server or the information from the email headers. From my best guess, and this is only a guess, I would have to say that the IP listed is attempting to send the email and it is getting rejected because you do not have your server setup as an open relay, which is a good thing.

You can deny that IP totally via WHM > Host Access Control if you do not know who owns the IP and do not want to continue to get these emails.

If you are familiar with SSH you can also drop all traffic from that IP so they no longer are able to access your server via iptables, this rule will work:

iptables -I INPUT -s 63.201.249.26 -j DROP
service iptables save
service iptables restart

Additionally, you may want to contact the owner/administrator of the domain that you have listed there as being the sender of the emails. Maybe they have an exploit of which your email/domain is listed and someone is sending random mail or trying to send random mail from there using your server to hide their activity.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
SCAAdminAuthor Commented:
Hello, thanks for the post, can you please kindly provide me some sites to learn things related webhositng  , i am totally new with cent OS and linux OS systems.

thanks
0
 
g3nu1n3Commented:
There are tons of sites available, what specifically do you want to know more about?
0
 
SCAAdminAuthor Commented:
I want to know about the web hosting related activities, like how to troubleshoot email issues, etc.

thanks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now