Bandwidth Suspension due to SMTP

OwenC

Member
Oct 23, 2019
15
1
3
1Hopkins!
cPanel Access Level
Root Administrator
Help appreciated with this problem....
So one client on a shared server is getting bandwidth limited.
If I look in Cpanel / Metrics / Bandwidth, I see that SMTP has been increasing since Aug 2020 (4Gb) to Nov (12Gb), Dec (19Gb) and now for January it's 54GB!!
Thing is, I can not see any mail transactions to that degree. Cpanel email accounts are fine.
/var/log/maillog looks OK to me. Even WHM/Mail/mail sent summary doesn't show any big sends.

Anyone seen this, or can you point me in the right direction.

Thanks in advance.
 
Last edited by a moderator:

kodeslogic

Well-Known Member
Apr 26, 2020
334
128
118
IN
cPanel Access Level
Root Administrator
Possibly this may be due to spamming, Have you harden your PHP versions for scripts not to send mails using mail(), and alternative secure smtp() should be used for php scripts.
I would suggest getting in touch with one of the Certified System Administration Service provider to have a close look for you.
 

OwenC

Member
Oct 23, 2019
15
1
3
1Hopkins!
cPanel Access Level
Root Administrator
Possibly this may be due to spamming, Have you harden your PHP versions for scripts not to send mails using mail(), and alternative secure smtp() should be used for php scripts.
I would suggest getting in touch with one of the Certified System Administration Service provider to have a close look for you.
Thanks for the reply.
On previous occasions when there have been scripts compromised etc, the mails have shown in the logs.
I have also run Imunify AV and there is nothing.

Thanks.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
I would expect there to be some type of data logged on the mail log. Do you see an increase in size of the /var/log/exim_mainlog file on the system? /var/log/maillog wouldn't show the actual email transactions, so if there was a script sending messages you may not find much there.

You may also want to read through our guide on tracking down spammers here, as that could be helpful for this situation: