I have a web hosting account which uses CPanel. I received an email from my hosting provider last week to say that my account has been sending spam so they have suspended it. After some negotiation, I have got the account re-enabled but I've got a feeling that it is still sending spam.
How can I discover where the spam is originating? I have changed all the passwords on the email accounts and the only machine I use to access those accounts has ZoneAlarm and Norton AntiVirus 2004 installed. Also, I have checked my web logs and there are no dodgy script calls in there so I don't think it's from a cgi script.
Anyone suggest anything? I'm worried that they'll close my account if I don't get this sorted soon.
Check the headers of the message in question. It could be possible that the spammers are not sending it through your server but just faking the From: line. If that is the case there is not much you can do about that.
Also, make sure that you don't have formmailers on your site. If you do, make sure you are using a secure version. Some older versions of formmailers are notorious for allowing spammers to send out messages using your server.
It's just a hosting account on my provider's server. I've checked the server and it isn't open relay, although it does allow you to send SMTP without authentication if you have successfully loged into POP3 within the last 30 mins.
Is there a log file or something which will show the outgoing emails from my account?
If it's your provider's server then I doubt you will have access to the mail logs. Really the only way that I think spam could be sent from your account it through a script of some kind. In most cases a provider will disable a script if it is sending out spam. Call up your provider and ask them how they determined the spam was coming from your account.