Hello, I made it so that all cPanel and "nobody" emails that were received were forwarded to my main e-mail so I could deal with them fast. When I looked today - 1682 new messages. I then checked my WHM to see that thousands of messages were sent out, but I can't find out where from so I can log the problem and see who breached my server and how they got in. If anybody knows how I could track it down, to like what sent the emails (script) and an IP address, please tell me. Also, because most of the e-mails bounced, does it mean that the IP has been blocked from email providers? Or that they were fake e-mails? Thanks for the help.
Probably an insecure FormMail script or PHP mail script. You need to do some looking in the mail logs to see if you can find out the user (i.e. cPanel account) that Apache is running as when the mails go out. That will tell you what domain to look at. The messages are bouncing probably because they are going out to crap addresses that don't exist. A couple of thousand emails isn't usually enough for another host to notice to get you banned. You can get on some of the automated blacklist sites to search for your IP address to see if your IP was banned.
This won't help you now but can in the future. Log in to WHM and go to Exim Configuration and from there select advanced editor. From here, in the first box, put the following:
    log_selector=+all
This will give you more detailed exim logs. Now the next time you have a spam problem, all you need to do is log in to SSH and run the following command:
    tail -n 1000 /var/log/exim_mainlog | grep sendmail
This will give you the last 1000 lines posted and it'll give back ones with sendmail. So you should see something like:
    2007-06-09 18:40:43 cwd=/home/username/public_html 3 args: /usr/sbin/sendmail -t -i
So now you can tell which folder the spam was coming from. Now if you send out a lot of mail, it's of course smart to investigate it. But it should be pretty obvious if you got email coming from a folder like /home/username/public_html/yougotowned. There are other options for PHP that can give you some other information, but that usually requires a recompile. This is a much easier way and almost as effective.
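The log check described in the last reply, extended to tally sendmail invocations per working directory so the busiest folder stands out. This is an added example, not part of any post in the thread; the function names and the sample log lines are constructed, and it assumes the `cwd=... args:` line format quoted above, with no spaces in the directory path.

```shell
#!/bin/sh
# Added example: count sendmail invocations per working directory in an
# Exim main log, using the "cwd=<dir> <n> args: <command>" lines that
# appear once log_selector=+all is set. Paths with spaces are not handled.

# Constructed sample input in the format quoted in the thread.
sample_log() {
    cat <<'EOF'
2007-06-09 18:40:41 cwd=/home/username/public_html/yougotowned 3 args: /usr/sbin/sendmail -t -i
2007-06-09 18:40:42 cwd=/home/username/public_html/yougotowned 3 args: /usr/sbin/sendmail -t -i
2007-06-09 18:40:43 cwd=/home/username/public_html/yougotowned 3 args: /usr/sbin/sendmail -t -i
2007-06-09 18:41:10 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2007-06-09 18:42:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -q
2007-06-09 18:42:05 1HxAbC-0001Xy-2Z <= nobody@host.example U=nobody P=local S=1024
EOF
}

# Reads the log from the file given as $1, or from stdin when no file is given.
# Prints "<count> <directory>" lines, highest count first.
count_sendmail_cwd() {
    awk '
        # Keep only lines that record a sendmail call and its cwd;
        # queue runners and delivery lines are skipped.
        / cwd=/ && /args: .*sendmail/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^cwd=/) {
                    sub(/^cwd=/, "", $i)
                    n[$i]++
                }
        }
        END { for (d in n) printf "%d %s\n", n[d], d }
    ' "$@" | sort -rn
}

# Demo on the constructed sample. On a server, run instead:
#   count_sendmail_cwd /var/log/exim_mainlog
sample_log | count_sendmail_cwd
```

The first path component under /home in each result is the cPanel account whose scripts to inspect.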