How do we stop spam coming from my server?

Exim, or the MTA (Mail Transfer Agent) on your server handles email deliveries. All email activity is logged including mail sent from scripts. It does this by logging the current working directory from where the script was executed.

Using this knowledge you can easily track down a script of your own that is being exploited to send out spam, or locate possibly malicious scripts that a spammer has placed onto your server.

Find top scripts sending into Exim

command

#grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F”cwd=” ‘{print $2}’ | awk ‘{print $1}’ | sort | uniq -c | sort -n

Search Redult

15 /home/userna5/public_html/about-us
25 /home/userna5/public_html
7866 /home/userna5/public_html/data

this 7866 number show how many time this path use to send mail