{"id":111,"date":"2011-12-10T19:49:00","date_gmt":"2011-12-10T19:49:00","guid":{"rendered":"http:\/\/pheonixsolutions.com\/?p=111"},"modified":"2026-06-13T08:52:04","modified_gmt":"2026-06-13T03:22:04","slug":"catching-spammers-on-cpanel-server-exim-mta","status":"publish","type":"post","link":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/","title":{"rendered":"Catching Spammers on cPanel Server -EXIM (MTA)"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\">Introduction<\/h4>\n\n\n\n<p>Email spam originating from compromised websites, vulnerable scripts, or unauthorized users can negatively impact your server&#8217;s reputation and lead to IP blacklisting. On cPanel servers, Exim MTA provides detailed logging that can help administrators identify the source of spam emails. This guide explains how to enable advanced Exim logging and trace spam emails back to the responsible script, user account, or website.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">Prerequisites<\/h4>\n\n\n\n<p>Before proceeding, ensure the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Root SSH access to the cPanel\/WHM server.<\/li>\n\n\n\n<li>Exim Mail Transfer Agent (MTA) installed and running.<\/li>\n\n\n\n<li>Basic knowledge of Linux command-line operations.<\/li>\n\n\n\n<li>Access to Exim configuration files and log directories.<\/li>\n\n\n\n<li>A recent backup of the Exim configuration before making changes.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">Procedure<\/h4>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Enable Advanced Exim Logging<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Edit the Exim configuration file:<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">vi \/etc\/exim.conf\n<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Locate the line:<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">hostlist auth_relay_hosts = *\n<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Add the following line immediately after it (ensure it remains on a single line):<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn\n<\/pre>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Save the file and exit.<\/li>\n\n\n\n<li>Restart Exim:<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">service exim restart\n<\/pre>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Monitor the Exim log file:<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">tail -f \/var\/log\/exim_mainlog\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Identify the Spam Message ID<\/h3>\n\n\n\n<p>Obtain the Message-ID from the email header. Example:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">1DWJj4-00042i-74\n<\/pre>\n\n\n\n<p>This Message-ID is critical for tracing the source of the spam email.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Search Exim Logs<\/h3>\n\n\n\n<p>Search for the Message-ID in Exim logs:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">grep \"1DWJj4-00042i-74\" \/var\/log\/exim_mainlog\n<\/pre>\n\n\n\n<p>Review:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sender address<\/li>\n\n\n\n<li>Recipient address<\/li>\n\n\n\n<li>Delivery path<\/li>\n\n\n\n<li>Script location<\/li>\n\n\n\n<li>Username<\/li>\n\n\n\n<li>Timestamp<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Identify the Responsible User or Script<\/h3>\n\n\n\n<p>If the log output reveals:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Domain name<\/li>\n\n\n\n<li>cPanel username<\/li>\n\n\n\n<li>PHP script path<\/li>\n<\/ul>\n\n\n\n<p>You can immediately investigate or suspend the offending account.<\/p>\n\n\n\n<p>Example indicators:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">cwd=\/home\/user\/public_html\/\n<\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">A=dovecot_login:user@example.com\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Inspect Exim Spool Files<\/h3>\n\n\n\n<p>If the logs do not clearly identify the sender:<\/p>\n\n\n\n<p>Locate the message files:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">find \/var\/spool\/exim\/input -name \"*1DWJj4-00042i-74*\"\n<\/pre>\n\n\n\n<p>You should find:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">1DWJj4-00042i-74-H\n1DWJj4-00042i-74-D\n<\/pre>\n\n\n\n<p>Where:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>-H<\/code> = Envelope\/Header information<\/li>\n\n\n\n<li><code>-D<\/code> = Message body\/data<\/li>\n<\/ul>\n\n\n\n<p>Inspect them:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">cat 1DWJj4-00042i-74-H\ncat 1DWJj4-00042i-74-D\n<\/pre>\n\n\n\n<p>Look for:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">auth_sender\nreceived_from\ncwd\n<\/pre>\n\n\n\n<p>These fields often reveal the originating account.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Investigate &#8220;Nobody&#8221; Emails<\/h3>\n\n\n\n<p>If emails are sent as:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">nobody@nobody\n<\/pre>\n\n\n\n<p>the spam is likely being sent through a PHP script.<\/p>\n\n\n\n<p>Check the Exim logs for script paths:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">grep nobody \/var\/log\/exim_mainlog\n<\/pre>\n\n\n\n<p>If the spam originates from <code>\/tmp<\/code>, inspect the files:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ls -lah \/tmp\n<\/pre>\n\n\n\n<p>Check:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">stat suspicious_file.php\n<\/pre>\n\n\n\n<p>Record the file creation time and correlate it with:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/usr\/local\/apache\/logs\/error_log\n<\/pre>\n\n\n\n<p>and<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/usr\/local\/apache\/domlogs\/*\n<\/pre>\n\n\n\n<p>to identify the account that uploaded the script.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Search Apache Domain Logs<\/h3>\n\n\n\n<p>Search all domain logs for suspicious activity:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">for file in \/usr\/local\/apache\/domlogs\/*; do\n    grep \"example\" \"$file\"\ndone\n<\/pre>\n\n\n\n<p>Replace <code>\"example\"<\/code> with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suspicious filename<\/li>\n\n\n\n<li>Upload script name<\/li>\n\n\n\n<li>Known exploit pattern<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Check for Recently Terminated Accounts<\/h3>\n\n\n\n<p>Sometimes the spammer account may already be removed.<\/p>\n\n\n\n<p>Search the cPanel accounting log:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">grep \"ebayspammer.com\" \/var\/cpanel\/accounting.log\n<\/pre>\n\n\n\n<p>This helps determine whether the offending account was terminated previously.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Important Log Locations<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Log\/File<\/th><th>Purpose<\/th><\/tr><\/thead><tbody><tr><td><code>\/var\/log\/exim_mainlog<\/code><\/td><td>Main Exim activity log<\/td><\/tr><tr><td><code>\/var\/log\/formmail.log<\/code><\/td><td>FormMail activity<\/td><\/tr><tr><td><code>\/usr\/local\/apache\/logs\/error_log<\/code><\/td><td>Apache errors<\/td><\/tr><tr><td><code>\/usr\/local\/apache\/domlogs\/*<\/code><\/td><td>Domain access logs<\/td><\/tr><tr><td><code>\/var\/spool\/exim\/input\/*\/*<\/code><\/td><td>Message headers and bodies<\/td><\/tr><tr><td><code>\/var\/spool\/exim\/msglog\/*\/*<\/code><\/td><td>Per-message logs<\/td><\/tr><tr><td><code>\/tmp<\/code><\/td><td>Temporary uploaded scripts<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Useful Commands<\/h3>\n\n\n\n<p>Search recursively for a Message-ID:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">find \/var\/spool\/exim -type f | xargs grep \"1DWJj4-00042i-74\"\n<\/pre>\n\n\n\n<p>Search recent Exim activity:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">grep \"$(date '+%Y-%m-%d')\" \/var\/log\/exim_mainlog\n<\/pre>\n\n\n\n<p>Monitor live mail activity:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">tail -f \/var\/log\/exim_mainlog\n<\/pre>\n\n\n\n<p>Check Exim queue:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">exim -bp\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">Conclusion<\/h4>\n\n\n\n<p>Tracking spam on a cPanel server requires analyzing Exim logs, message spool files, Apache logs, and uploaded scripts. The most effective approach is to start with the Message-ID from the spam email header and trace it through <code>exim_mainlog<\/code>. By correlating timestamps across Exim, Apache, and system logs, administrators can identify compromised scripts, vulnerable websites, or abusive user accounts and take corrective action before the server&#8217;s reputation is affected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Email spam originating from compromised websites, vulnerable scripts, or unauthorized users can negatively impact your server&#8217;s reputation and lead to IP blacklisting. On cPanel servers, Exim MTA provides detailed logging that can help administrators identify the source of spam emails. This guide explains how to enable advanced Exim logging&hellip; <a href=\"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/\" class=\"more-link read-more\" rel=\"bookmark\">Continue Reading <span class=\"screen-reader-text\">Catching Spammers on cPanel Server -EXIM (MTA)<\/span><i class=\"fa fa-arrow-right\"><\/i><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[1],"tags":[],"class_list":{"0":"post-111","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-uncategorized","7":"h-entry","9":"h-as-article"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pheonix Solutions - We Empower Your Business Growth<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pheonix Solutions - We Empower Your Business Growth\" \/>\n<meta property=\"og:description\" content=\"Introduction Email spam originating from compromised websites, vulnerable scripts, or unauthorized users can negatively impact your server&#8217;s reputation and lead to IP blacklisting. On cPanel servers, Exim MTA provides detailed logging that can help administrators identify the source of spam emails. This guide explains how to enable advanced Exim logging&hellip; Continue Reading Catching Spammers on cPanel Server -EXIM (MTA)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/\" \/>\n<meta property=\"og:site_name\" content=\"PHEONIXSOLUTIONS\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-12-10T19:49:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-13T03:22:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/09\/PX2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3837\" \/>\n\t<meta property=\"og:image:height\" content=\"2540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pheonixsolution\" \/>\n<meta name=\"twitter:site\" content=\"@pheonixsolution\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/0ffa33d73c869faec2d50e79c24e3503\"},\"headline\":\"Catching Spammers on cPanel Server -EXIM (MTA)\",\"datePublished\":\"2011-12-10T19:49:00+00:00\",\"dateModified\":\"2026-06-13T03:22:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/\"},\"wordCount\":492,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/\",\"name\":\"Pheonix Solutions - We Empower Your Business Growth\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#website\"},\"datePublished\":\"2011-12-10T19:49:00+00:00\",\"dateModified\":\"2026-06-13T03:22:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/catching-spammers-on-cpanel-server-exim-mta\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Catching Spammers on cPanel Server -EXIM (MTA)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\",\"name\":\"Pheonix Solutions\",\"description\":\"We Empower Your Business Growth\",\"publisher\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\",\"name\":\"PheonixSolutions\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/logo.png\",\"contentUrl\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/logo.png\",\"width\":454,\"height\":300,\"caption\":\"PheonixSolutions\"},\"image\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/PheonixSolutions-209942982759387\\\/\",\"https:\\\/\\\/x.com\\\/pheonixsolution\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/0ffa33d73c869faec2d50e79c24e3503\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\\\/\\\/pheonixsolutions.com\\\/blog\"],\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pheonix Solutions - We Empower Your Business Growth","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/","og_locale":"en_US","og_type":"article","og_title":"Pheonix Solutions - We Empower Your Business Growth","og_description":"Introduction Email spam originating from compromised websites, vulnerable scripts, or unauthorized users can negatively impact your server&#8217;s reputation and lead to IP blacklisting. On cPanel servers, Exim MTA provides detailed logging that can help administrators identify the source of spam emails. This guide explains how to enable advanced Exim logging&hellip; Continue Reading Catching Spammers on cPanel Server -EXIM (MTA)","og_url":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/","og_site_name":"PHEONIXSOLUTIONS","article_publisher":"https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/","article_published_time":"2011-12-10T19:49:00+00:00","article_modified_time":"2026-06-13T03:22:04+00:00","og_image":[{"width":3837,"height":2540,"url":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/09\/PX2.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@pheonixsolution","twitter_site":"@pheonixsolution","twitter_misc":{"Written by":"admin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/#article","isPartOf":{"@id":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/"},"author":{"name":"admin","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/person\/0ffa33d73c869faec2d50e79c24e3503"},"headline":"Catching Spammers on cPanel Server -EXIM (MTA)","datePublished":"2011-12-10T19:49:00+00:00","dateModified":"2026-06-13T03:22:04+00:00","mainEntityOfPage":{"@id":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/"},"wordCount":492,"commentCount":0,"publisher":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/","url":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/","name":"Pheonix Solutions - We Empower Your Business Growth","isPartOf":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#website"},"datePublished":"2011-12-10T19:49:00+00:00","dateModified":"2026-06-13T03:22:04+00:00","breadcrumb":{"@id":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/pheonixsolutions.com\/blog\/catching-spammers-on-cpanel-server-exim-mta\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/pheonixsolutions.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Catching Spammers on cPanel Server -EXIM (MTA)"}]},{"@type":"WebSite","@id":"https:\/\/pheonixsolutions.com\/blog\/#website","url":"https:\/\/pheonixsolutions.com\/blog\/","name":"Pheonix Solutions","description":"We Empower Your Business Growth","publisher":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pheonixsolutions.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/pheonixsolutions.com\/blog\/#organization","name":"PheonixSolutions","url":"https:\/\/pheonixsolutions.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/12\/logo.png","contentUrl":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/12\/logo.png","width":454,"height":300,"caption":"PheonixSolutions"},"image":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/","https:\/\/x.com\/pheonixsolution"]},{"@type":"Person","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/person\/0ffa33d73c869faec2d50e79c24e3503","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","caption":"admin"},"sameAs":["http:\/\/pheonixsolutions.com\/blog"],"url":"https:\/\/pheonixsolutions.com\/blog\/author\/admin\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p7F4uM-1N","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":1,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"predecessor-version":[{"id":10356,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/111\/revisions\/10356"}],"wp:attachment":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}