Spammers

phpAddict

Active Member
By default the exim configuration requires authentication in order to send emails through your server, so unless that's been messed with either these emails are just spoofs actually coming from another server, your email account(s) have been compromised, or worse your web server is infected and is sending out these emails. So we first need to find out which is the problem.
If these emails are coming from the same email account, change it's email password, quick and easy to do.
Make absolutely sure your server is requiring smtp authentication which you can do by using an email client, create a bogus email account using your smtp server and try sending out an email, if you're asked for a password then that's good and not the issue, but if it does go out you need to check your exim configuration.
Finally, if those don't resolve or pinpoint the issue go into WHM->Manage Plugins-> and install ClamAV. Do a scan on any accounts that are sending out spam and it may possibly find something, though if it's an uncommon backdoor it may not find anything and you'll have to do more work to see if it's a compromised account.

Also, have a look at...
https://documentation.cpanel.net/display/CKB/How+to+Prevent+Email+Abuse
 

KH-RileyA

Technical Support Operator
Staff member
If you don't have SPF and / or DKIM on that domain, you can login as root and do
Code:
/usr/local/cpanel/bin/spf_installer <acct>
/usr/local/cpanel/bin/dkim_keys_install <acct>
 
Top