How to find out the spam mailing script’s location

How to find out the spam mailing script’s location

The Exim mail server has a lot of options/commands to find out the details of spammers easily from the command line.We can find out the mail queue details, spam mail sender details, spam mail counts etc from the link I mentioned above.

Here is a piped-command to find out the spam mailing script’s location/folder in the server. It would be more helpful for us to identify the spam mail sending script and we can nullify it easily to stop spamming activity.

Steps to find the spam mailing script location?

Step 1 : SSH to your server as root user.
Step 2 : Execute the command pasted below:

# grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n

The above command will displays the total count of emails sent and the corresponding directory/location which generate the spam mails actually.

# grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
     ...........
     ...........
    370 /home/$USER1/public_html
    386 /home/$USER2/public_html
    415 /home/$USER3/public_html
    470 /home/$USER4/public_html
    620 /root
   1409 /home/$USER5/public_html/link
   6340 /home/$USER6/public_html
  63898 /etc/csf

To find the domain which is being used by spammers

exim -bpr | exiqsumm -c | head

To remove the emails being used by spammers

exiqgrep -ir <domain> | xargs -n1 exim -Mrm

Hope this article helps you. For, cPanel related articles please click here