I have been trying to combat this for a long time. This gives some solutions and a list of links that cast some light on the subject.
I get emails supposedly from me to myself and when I click 'view source' all the headers but one are my email address, apart from the first one below.
I do NOT automatically allow images in my emails in case a bad one slips through as much malware is carried in images.
Steps to Identify Senders of Spam Emails
- Click View Source
- Select all (on a PC, Control+A)
- Copy all (Control+C)
- Paste into notepad or other text editor
- Search for the IP and any other strange or unusual headers
- You can block the sending IP in cPanel. Be careful not to block any of your own server's IPs.
- Check where the IP is in the world - it could be part of your CDN provider or a legitimate search bot address.
- Also or instead, when it's not your own address you can block that email address under any header.
Using IP Block in cPanel, I block the originating IPs. See if that works, then look at alternative measures. Did I say it was easy? NO, it is not!
I check IPs here, as many are reported, and it tells me what and where the IP is:
https://www.abuseipdb.com/
NOTE: Blocking a lot of IPs can slow down your mail server, as it has to check all those IPs before completing the task - I have only seen that mentioned once on my cyber travels - but thought I had better mention it. I have no idea what 'a lot' is.
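The header search from the steps above can also be done with a short script. This is an added example, not part of the original post; the sample message, its addresses and the `OWN_SERVER_IPS` set are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample source (not a real message); IPs are documentation ranges.
SAMPLE_SOURCE = """\
Received: from mail.example.org ([198.51.100.7]) by mx.example.com with ESMTP; Tue, 23 Apr 2019 10:50:13 +0000
Received: from unknownhost ([203.0.113.45]) by mail.example.org with ESMTP; Tue, 23 Apr 2019 10:50:11 +0000
Received: from localhost ([127.0.0.1]) by unknownhost; Tue, 23 Apr 2019 10:50:10 +0000
Return-Path: <bounce@sender.example.net>
From: "Me" <me@example.com>
To: me@example.com
Subject: constructed sample

Body text.
"""

OWN_SERVER_IPS = {"198.51.100.7"}   # assumption: your own server's IPs, never block
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(source):
    """IPv4 addresses from the Received: headers, newest hop first."""
    found = []
    for hop in message_from_string(source).get_all("Received", []):
        for text in BRACKETED_IP.findall(hop):
            try:
                found.append(ipaddress.ip_address(text))
            except ValueError:      # e.g. [999.1.1.1], not a real address
                continue
    return found

def block_candidates(source, own_ips=OWN_SERVER_IPS):
    """Public IPs that are not your own: look these up before blocking."""
    keep = []
    for ip in received_ips(source):
        local = any(ip in net for net in LOCAL_NETS)
        if str(ip) not in own_ips and not local and str(ip) not in keep:
            keep.append(str(ip))
    return keep

def foreign_addresses(source, my_address):
    """Sender-related headers whose address is not your own."""
    msg = message_from_string(source)
    pairs = ((h, parseaddr(msg.get(h, ""))[1].lower())
             for h in ("From", "Sender", "Reply-To", "Return-Path"))
    return {h: a for h, a in pairs if a and a != my_address.lower()}
```

Received lines below the one written by your own mail server are supplied by the sender and can be forged, so the hop your own server recorded is the one to trust when deciding what to look up or block.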
Looking For Ways to Block Spam Emails
First I looked for this in Search: how do people send spam from localhost and found this:
https://www.spamhaus.org/news/article/718/stop-spammers-from-exploiting-your-webserver
It led me to search for: how to Block direct-to-MX Sending in cPanel. If you have all day you can read loads of results there, but I changed the search to: cpanel email sending spam and found this, which is getting closer to a solution, I think:
https://superuser.com/questions/1117586/how-to-find-the-source-of-email-spam-from-a-cpanel-account
and this to limit sending:
https://blog.cpanel.com/prevent-outgoing-spam-from-webmail-accounts/
This might be useful if you have your own server:
https://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim
I typed this header into Google search:
Received: from jozlfzl ([52.114.112.82]) by 19962.com with MailEnable ESMTP; Tue, 23 Apr 2019 16:20:13 +0530 Received: (qmail 19962 invoked by uid 199)
I found these, all very techy:
https://docs.plesk.com/en-US/onyx/advanced-administration-guide-linux/services-management/spam-protection/fighting-spam-on-a-qmail-mail-server.61674/
Which seems to be advice for hosting providers or if you have your own server on Plesk.
and this, which is very outdated but might give clues on what to search for:
https://talk.plesk.com/threads/qmail-find-source-of-spam.104897/
It has advice on how to find the source and mentions a spamsender script. I will investigate that: how to find and delete a spamsender script.
One user says this but unfortunately the articles no longer exist, but the 404 page has a search bar:
I've used the following articles to find out spammers and it worked every time:
http://kb.odin.com/766
and
http://kb.odin.com/en/1711
You should be able to find the exact php script.
A suggested search was:
'qmail invoked from network', to which I added 'cpanel'.
These are instructions for Plesk, but most of us need to find out what to do in cPanel.
Might have to get the host to find it - or move to another hosting provider!
And this which is a long read and I don't know how much use it is to the ordinary user.
https://www.supportpro.com/blog/spamming-in-a-qmail-enabled-plesk-server-finding-the-culprit/
If anyone knows a definitive answer to this please do tell us in the comments.
Piglets Image by Roy Buri from Pixabay
Spammy comments will be deleted so don't even try!