I have been trying to combat this for a long time. This gives some solutions and a list of links that cast some light on the subject.
I get emails supposedly from me to myself and when I click 'view source' all the headers but one are my email address, apart from the first one below.
I do NOT automatically allow images in my emails in case a bad one slips through as much malware is carried in images.
Steps to Identify senders of Spam Emails
- Click View Source
- Select ALL (pc keys control+a)
- Copy all (control +c)
- Paste into notepad or other text editor
- Search for the IP and any other strange or unusual headers
- You can block the sending IP in cPanel. Be careful not to block any of your own server's ips.
- Check where the ip is in the world - it could be part of your CDN provider or a legitimate search bot address.
- Also or instead, when it's not your own address you can block that email address under any header.
Using IP Block in cPanel I Block the originating IPs. See if that works, then look at alternative measures. Did I say it was easy? NO, it is not!
I check IPs here as many are reported and it tells me what and where the ip is:
NOTE: Blocking a lot of IPs Can slow down you mailserver as it has to check for all those IPs before completing the task - I have only seen that mentioned once on my cyber travels - but thought I had better mention it. I have no idea what 'A lot' is.
Looking For Ways to Block Spam Emails
First I looked for this in Search: how do people send spam from localhost and found this:
It led me to search for: how to Block direct-to-MX Sending in cPanel. If you have all day you can read loads of results there, but I changed the seach to: cpanel email sending spam and found this, which is getting closer to a solution, I think:
and this to limit sending:
This might be useful if you have your own server:
I typed this header into Google search:
Received: from jozlfzl ([126.96.36.199]) by 19962.com with MailEnable ESMTP; Tue, 23 Apr 2019 16:20:13 +0530 Received: (qmail 19962 invoked by uid 199)
I found these, all very techy:
Which seems to be advice for hosting providers or if you have your own server on Plesk.
and this, it's very out-dated but might give clues on what to search for:
Which has advice on how to find and mentions spamsender script. I will investigate that. How to find and delete spamsender script.
One user says this but unfortunately the articles no longer exist, but the 404 page has a search bar:
I've used the following articles to find out spammers and it worked every time :
You should be able to find the exact php script.
A suggested search was:
'qmail invoked from network', to which I added 'cpanel'.
These are instructions for Plesk but most of us need to find out what to do in cPanel
Might have to get the host to find it - or move to another hosting provider!
And this which is a long read and I don't know how much use it is to the ordinary user.
If anyone knows a definitive answer to this please do tell us in the comments.
Spammy comments will be deleted so don't even try!