Hello All, I have a Linux-based server. The problem is that someone is spamming from the server. How can I find the culprit? I have a Linux-based server with cPanel/WHM installed. Please help. Thanks.
First off, you can limit the max emails any user can send out from your server from Tweak Settings in WHM. And to find out who is sending out the most emails from your server, go to WHM > View Mail Statistics and in there find "Top 50 local senders by message count".
If spam is being sent, it's probably a form-mail script that has been uploaded to your server. In this case it uses your web server's user to send those emails; on CentOS that's "nobody", on Debian it's "www-data". You can remove that user's ability to send emails, and this will probably fix the issue temporarily until you find the real cause (temporarily, because some of your scripts use form-mail too), or you can permanently disable this and use SMTP for your own scripts.
Do you have the full header of the spam email? That is important to track the origin. You would need to mix it up with the exim_mainlog (under /var/log) and find the culprit.
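The header-to-log correlation suggested in the replies, as an added example that is not part of any post in this thread: it pulls the Exim message ID out of the spam's `Received:` headers, looks up the matching arrival (`<=`) line in `exim_mainlog`, and counts which directories invoked the mail binary. It assumes cPanel-style Exim log lines carrying `U=`, `P=`, `A=` and `cwd=` fields; the function names are hypothetical and the sample header and log lines are constructed.

```python
import re
from collections import Counter

# Exim message IDs: 6-6-2 characters classically, longer in newer releases.
MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}"
ARRIVAL = re.compile(rf"^(\S+ \S+) ({MSG_ID}) <= (\S+)(.*)$")
CWD = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: ")
RECEIVED_ID = re.compile(rf"\bid ({MSG_ID})\b")

def ids_from_headers(raw_headers):
    """Return Exim message IDs found in the Received: lines of a full header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # join folded lines
    received = [l for l in unfolded.splitlines() if l.lower().startswith("received:")]
    return [m.group(1) for l in received for m in RECEIVED_ID.finditer(l)]

def parse_arrivals(log_lines):
    """Map message ID -> who submitted it, from '<=' (arrival) log lines."""
    arrivals = {}
    for m in filter(None, map(ARRIVAL.match, log_lines)):
        ts, mid, sender, rest = m.groups()
        fields = {}
        # First occurrence wins, so a sender-controlled subject (T="...")
        # later on the line cannot override the real U=/P=/A= fields.
        for key, value in re.findall(r"\b([A-Z])=(\S+)", rest):
            fields.setdefault(key, value)
        arrivals[mid] = {"time": ts, "sender": sender, "user": fields.get("U"),
                         "proto": fields.get("P"), "auth": fields.get("A")}
    return arrivals

def trace(raw_headers, log_lines):
    """Log records for every message ID named in the spam's headers."""
    arrivals = parse_arrivals(log_lines)
    return [arrivals[i] for i in ids_from_headers(raw_headers) if i in arrivals]

def top_cwds(log_lines, n=5):
    """Directories that invoked the mail binary most often (cwd= lines)."""
    hits = (CWD.match(l) for l in log_lines)
    return Counter(m.group(1) for m in hits if m).most_common(n)

# Constructed sample data, not taken from a real server.
SAMPLE_HEADERS = ("Received: from nobody by host.example.com with local (Exim 4.96)\n"
                  "\t(envelope-from <nobody@host.example.com>)\n"
                  "\tid 1s2AbC-0001xy-2Z; Wed, 01 May 2024 10:15:02 +0000\nSubject: Cheap pills\n")
SAMPLE_LOG = """\
2024-05-01 10:15:01 cwd=/home/alice/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:15:02 1s2AbC-0001xy-2Z <= nobody@host.example.com U=nobody P=local S=812 T="Cheap pills U=root" for a@example.net
2024-05-01 10:15:03 cwd=/home/alice/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:15:04 1s2AbD-0001xz-3A <= bob@example.org H=(pc) [192.0.2.7]:50211 P=esmtpa A=dovecot_login:bob@example.org S=2048 T="Hi" for c@example.net"""
```

A record with `proto` of `local` and `user` of `nobody` points at a web script, and the `cwd=` tally shows which directory to inspect; a record with `auth` set points at an authenticated mailbox instead.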