Skip to content

Spam Sent From Your Own Email Address

I have been trying to combat this for a long time. This gives some solutions and a list of links that cast some light on the subject.

I get emails supposedly from me to myself and when I click 'view source' all the headers but one are my  email address, apart from the first one below.

I do NOT automatically allow images in my emails in case a bad one slips through as much malware is carried in images.

Steps to Identify senders of Spam Emails

  1. Click View Source
  2. Select ALL (pc keys control+a)
  3. Copy all (control +c)
  4. Paste into notepad or other text editor
  5. Search for the IP and any other strange or unusual headers
  6. You can block the sending IP in cPanel. Be careful not to block any of your own server's ips.
  7. Check where the ip is in the world - it could be part of your CDN provider or a legitimate search bot address.
  8. Also or instead, when it's not your own address you can block that email address under any header.

Using IP Block in cPanel I Block the originating IPs. See if that works, then look at alternative measures. Did I say it was easy? NO, it is not!

I check IPs here as many are reported and it tells me what and where  the ip is:

https://www.abuseipdb.com/

NOTE: Blocking a lot of IPs Can slow down you mailserver as it has to check for all those IPs before completing the task - I have only seen that mentioned once on my cyber travels - but thought I had better mention it. I have no idea what 'A lot' is.

Looking For Ways to Block Spam Emails

First I looked for this in Search: how do people send spam from localhost and found this:

https://www.spamhaus.org/news/article/718/stop-spammers-from-exploiting-your-webserver

It led me to search for: how to Block direct-to-MX Sending in cPanel. If you have all day you can read loads of results there, but I changed the seach to: cpanel email sending spam and found this, which is getting closer to a solution, I think:

https://superuser.com/questions/1117586/how-to-find-the-source-of-email-spam-from-a-cpanel-account

and this to limit sending:

Prevent Outgoing Spam from Webmail Accounts

This might be useful if you have your own server:

https://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim

I typed this header into Google search:

Received: from jozlfzl ([52.114.112.82]) by 19962.com with MailEnable ESMTP; Tue, 23 Apr 2019 16:20:13 +0530 Received: (qmail 19962 invoked by uid 199)

I found these, all very techy:

https://docs.plesk.com/en-US/onyx/advanced-administration-guide-linux/services-management/spam-protection/fighting-spam-on-a-qmail-mail-server.61674/

Which seems to be advice for hosting providers or if you have your own server on Plesk.

and this,  it's very out-dated but might give clues on what to search for:

https://talk.plesk.com/threads/qmail-find-source-of-spam.104897/

Which has advice on how to find  and mentions spamsender script. I will investigate that. How to find and delete spamsender script.

One user says this but unfortunately the articles no longer exist, but the 404 page has a search bar:

I've used the following articles to find out spammers and it worked every time :

http://kb.odin.com/766
and
http://kb.odin.com/en/1711

You should be able to find the exact php script.

A suggested search was:

'qmail invoked from network', to which I added 'cpanel'.

These are instructions for Plesk but most of us need to find out what to do in cPanel

Might have to get the host to find it - or move to another hosting provider!

Track spammer in Qmail (Plesk)

And this which is a long read and I don't know how much use it is to the ordinary user.

Spamming in a Qmail enabled Plesk Server – Finding the culprit

If anyone knows a definitive answer to this please do tell us in the comments.

Piglets Image by Roy Buri from Pixabay

Spammy comments will be deleted so don't even try!