Looking for Outbound spam
Log files where we can look for more details are.
The following to the exim configuration to enable some extended logging that greatly improves the ease in tracking down on-server spammers:
In WHM > Exim Configuration Editor > Switch to Advanced Mode > in the first textbox add the following line and then Save:
log_selector = +arguments +subject
This tells exim to log the path on disk from where the email was executed and the subject of the email.
suexec, if enabled, will run CGI scripts as the owner of the script file, typically the cPanel account name.
phpsuexec, if enabled, will run PHP scripts in the same manner as CGI scripts.
Changing the Sending IP for Outbound Email in Exim
In order to specify which IP address should handle outbound mail, you will need to disable an option in WHM’s Exim Configuration Editor . You can find the Exim Configuration Editor in the Service Configuration section of WHM. To begin, navigate to the configuration editor and disable the following option:
* Automatically send outgoing mail from the account’s IP address instead of the main IP address.
By default, Exim will send mail from the server’s main shared IP address. Enabling this option forces your users to send mail from their main domain’s IP address. If you choose to enable the option listed above, you will not be able to manually specify the IP addresses from which the domains send mail. This option uses /scripts/updateuserdomains to automatically populate /etc/mailhelo and /etc/mailips.