This article explains how to review and mitigate a server that is sending spam. It offers practical guidance for situations where spam emails are originating from the server or the mail IP is blacklisted. Following the steps below helps identify and resolve the cause of the spamming.
Related Article
Check if Mailing IP Blacklisted on VPS
Bounce Back Emails
- If a bounce back email is received, it will typically give a reason for the email being rejected
EXAMPLE: An example bounce back email.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
address@domain.com
host smtp.domain.com [12.34.56.78]
SMTP error from remote mail server after end of data:
550 5.7.0 SPF Policy Violation.
- address@domain.com - The intended recipient
- host smtp.domain.com [12.34.56.78] - The server attempting to receive the email that is reporting the error
- 550 5.7.0 SPF Policy Violation. - The error that was encountered
- This error that is reported can give a good indication of what needs to be corrected
Test Emails
- To further identify potential issues, try sending yourself a test email
- When the email is received, review the mail headers for potential issues
- Gmail - Show Original
- Outlook - View Message Source
- Yahoo - View Raw Message
- In Gmail, the most relevant information is displayed at the top of the Original Message, while the full email headers are shown below the overview
- If not using Gmail, the information will be given in the full mail headers
Check Mail Queue on VPS or Dedicated
IMPORTANT: The following is only available on VPS and Dedicated hosting plans, and unavailable on shared hosting plans.
- On VPS and Dedicated hosting plans, the mail queue size can be reviewed through the terminal
- This will give an indication if an email account has been compromised and is being used to send spam
- SSH into the server as the root user
- Run the following command
exim -bpc
- The number of emails in the outgoing mail queue will be displayed
- If this number is unexpectedly high then an email account is likely compromised and sending out spam
- If needed, the outgoing email can be suspended for an entire cPanel account
- To suspend
whmapi1 suspend_outgoing_email user='userna5'
- To unsuspend
whmapi1 unsuspend_outgoing_email user='userna5'
REPLACE: userna5 with the cPanel username.
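When the queue count is high, tallying the per-message listing from `exim -bp` by envelope sender shows which address is responsible before any account is suspended. The script below is an added example, not part of the original article; the queue listing is constructed sample data, and `queue_senders` and `flag_senders` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: tally queued messages per envelope sender from `exim -bp` output.

# Constructed sample of an `exim -bp` listing (addresses and IDs are made up).
sample_queue() {
cat <<'EOF'
 2h  1.2K 1rAbCd-0001Xy-2Z <info@example.com>
          rcpt1@example.net

 2h  1.1K 1rAbCe-0001Xz-3A <info@example.com>
          rcpt2@example.org

95m  1.3K 1rAbCf-0001Y0-4B <info@example.com> *** frozen ***
          rcpt3@example.net

40m  3.4K 1rAbCg-0001Y1-5C <>
          info@example.com

 5m  2.0K 1rAbCh-0001Y2-6D <staff@example.org>
          rcpt4@example.net
EOF
}

# Read an `exim -bp` listing on stdin; print "COUNT SENDER", highest count first.
queue_senders() {
  awk '
    # Header lines look like: AGE SIZE MESSAGE-ID <sender> [*** frozen ***]
    $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ && $4 ~ /^<.*>$/ {
      s = substr($4, 2, length($4) - 2)
      if (s == "") s = "(bounce)"      # "<>" is the null sender used by bounces
      n[s]++
    }
    END { for (s in n) print n[s], s }
  ' | sort -k1,1nr -k2,2
}

# Print only the senders with at least $1 queued messages.
flag_senders() {
  queue_senders | awk -v min="$1" '$1 + 0 >= min + 0 { print $2 }'
}

# On a live server: exim -bp | queue_senders
sample_queue | queue_senders
```

A large number of `(bounce)` entries addressed to one local mailbox usually means that mailbox's address was used as the sender of rejected spam.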