Commands to find spammers on the cpanel server

19 Jan

As you know, exim is generally used as mail servers in Cpanel.

a) Tracking the scripts that send mails:

The following command will be helpful to get the path of the script that is
sending mails.

ps -C exim -fH ewww|awk ‘{for(i=1;i<=40;i++){print $i}}’|sort|uniq -c|grep PWD |sort -n

ignore the following lines if any line that contains


If it was happened few times ago, you can use the following command.

grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i<=10;i++){print $i}}’|sort|uniq -c|grep cwd|sort -n

The output format of the above command is the same.

That’s all about tracking a spamming script.

In most of the servers, the SMTP port would be 25. If we know the SMTP port, we can trace the spammer IP address using the following command.

netstat -plan |grep :25 | awk ‘{print $5}’ |cut -d: -f1 |sort |uniq -c |sort -n

If you are using another port for SMTP ( not 25 ), you should replace the port 25 with the correct one.

If you are not sure about the SMTP port, please use the following command to get the port number.

cat /etc/services | grep smtp

It will work to find spammers!! 😎


Posted by on January 19, 2012 in Uncategorized


2 responses to “Commands to find spammers on the cpanel server

  1. Snehalk

    February 16, 2012 at 4:46 am

    Splendid job! hope to see some more great posts like this 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: