Well my server was working just fine. SPAM was almost none, clients happy all great. SpamAssasin was on everywhere. Sun was shining.

Few days ago came a blizzard of SPAMs and are still coming.

Since I am not too technical (not to say noob) can anyone give me some directions as to what happened?
Hacked? SPAM found a hole? something... and of course how to fix it...

I have CentOS and Cpanel 11.

thx!

Ok....so you have a lot of spam that is getting through to users inbox's on the server?

Have you thought about turning on box trapper under the email options in Cpanel?

box trapper is great however to complicated for my users...

i have updated cpanel and it seems that so far they have come to usual amount more or less.

how can i scan my server to see if some spammer is sending mail from my server, or that there is some "hole" or bug through which spams come through?

I'm not an expert on linux server security / spam problems due to a compromised server....if your not either, I would suggest possibly haveing the server looked at by a management company?

Quite a few out there, including the planet will harden your server, and optimize it.

Chances are, that you or the IP space that your server is in was targeted by spammers.

We host our own exchange server here in Memphis, and have a barracuda spam firewall in front of it....Right now we're averaging 3000 inbound emails, and out of that, 2000 is spam...some times we'll spike an extra 1000 emails / day due to increased targetting or more spammers or whatever causes spam to increase! lol

I've been seeing a lot more backscatter. Previous to last month it was typical to see one or two "joe job" bounces where the from address was randomly forged. Now it seems some spam sending tool must have been released that doesn't randomize the from, reply-to, or return-path as I'm seeing various email addresses at various ISPs hit really hard for a couple days at a time, as in 1,000 or 2,000 bounces where the headers often show the mail servers actually involved are in another country. Interestingly the from display name is randomized, but the return-path funnels all the bounces to just one address so it becomes more like a "joe job" than just the normal randomized backscatter.