Spam tracking question
Fortunately the spam was caught and the account was terminated promptly thanks to speedy SpamCop reports. My question:
I've tried looking/grep'ing through all of the exim logs on the server trying to track this spam back to the user account to see how many messages went out but I can find hide nor hair of it anywhere. The forwarded messages from SpamCop show several different IPs on the server as the sender which is odd because exim is only sending from the main ip. Most of the IPs are unallocated to accounts. The user account had no files so I do not think they were using a script of some sort.
This is a Cpanel server. Any suggestions on exploits to look for? I want to make sure this does not happen again.
