cPanel customer sending phishing emails...

One of our cPanel customers is apparently sending out phishing scam emails - the link in the message goes to a free hosting service, so I can't get their identity from that.

The parts of the message header that implicate our machine is:

Received: from nobody by chi-l1.ripside.com with local (Exim 4.52) id 1FFLxW-0004Vu-28

and

Return-Path: nobody@chi-l1.ripside.com

I've sinced disabled "nobody" from sending emails, but I'm still not sure that would help me determine the source of this junk.

How can I figure out which account (there are about 60) is generating these? Our cPanel is up to date, but this also concerns me that we have a security issue.

I'm cross-posting this to cPanel's forums too.

TYVM.

 

 

 

 

Top