
Context:

I have a dedicated server hosted on Digital Ocean, called a "Droplet". On it I have installed CentOS 6, and my mail server is using Exim.

Problem:

I am having spam issues on my server: I am being blacklisted and Digital Ocean is blocking my SMTP due to phishing, so I need to find where the source of the spam is, to close the security breach or delete the potential spam or something else.

Something that i've tried:

As you can see in the image, I found the emails that are the spam problem in my Exim mail server. By the way, I don't know how to see where the source of that email is. I can access the spam mail header, and I know from what recipient and to what recipient the email is going, as far as I know the header.

The thing is that I'm a little new to this and I don't know how to identify and close the problem. Any hints for that?

Important:

I do not want to know what I need to do, because I already know that. The thing is that I want to know how to do that.

  • @Michael Hampton♦ No way is that a duplicate question. None of the answers on the question that you mentioned solves my problem, or even helps me to solve it. I did read all of them, but my question is very specific, as you can see in the image that I attached to it. I have run some commands and I found the source of spam, but I don't know how to find where the email source is. – Paulo Roberto Rosa Oct 14 '15 at 14:06
  • It is obviously your compromised web application or your compromised server. Either way, you need to rebuild and secure it properly. – Michael Hampton Oct 14 '15 at 14:07
  • First, I cannot rebuild it, and second, I don't know how to secure it properly. – Paulo Roberto Rosa Oct 14 '15 at 14:09
  • I'm just trying to know how to find that security breach and how to close it. – Paulo Roberto Rosa Oct 14 '15 at 14:10
  • @MichaelHampton has given you the correct advice. If you insist on finding the entry points for the compromised application or server, you should check application and server log files. You should also check the integrity of the application source, by comparing these to the original source and backups. By doing this you may find modified or new files. It is unlikely you will find useful information in email messages or logs because **you** are the source of the spam. If you are using a common application like WordPress or Drupal, ensure you are using the latest versions and check permissions. – AndrewNimmo Oct 19 '15 at 10:09
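
The integrity check described in the last comment (comparing the live application files against the original source or a backup), as an added example that is not part of the original thread: it hashes every file in a known-good copy and in the live tree and lists the files that were added, modified or removed. The directory names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        # Skip symlinks so a link cannot stand in for the file it points at.
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare_trees(reference, live):
    """Report files added to, changed in, or missing from the live tree."""
    ref, cur = hash_tree(reference), hash_tree(live)
    return {
        "added": sorted(cur.keys() - ref.keys()),
        "modified": sorted(p for p in ref.keys() & cur.keys() if ref[p] != cur[p]),
        "missing": sorted(ref.keys() - cur.keys()),
    }

def write(root, rel, data):
    """Helper for the constructed sample: create a file and its parent dirs."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed sample: a known-good copy and a live copy that has drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp) / "reference", Path(tmp) / "live"
        for root in (ref, live):
            write(root, "index.php", b"<?php echo 'home'; ?>\n")
            write(root, "lib/mail.php", b"<?php // contact form ?>\n")
            write(root, "robots.txt", b"User-agent: *\n")
        write(live, "lib/mail.php", b"<?php // contact form, edited ?>\n")  # changed
        write(live, "uploads/cache.php", b"<?php // unexpected file ?>\n")  # new
        (live / "robots.txt").unlink()                                      # removed
        return compare_trees(ref, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

In real use, pass `compare_trees` an unpacked copy of the exact release you installed (or a trusted backup) and the live document root; every "added" or "modified" path is a file to inspect by hand.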
