Check client mail?

[taz7981]

Hello,

Is there a way to check a sample of clients outgoing emails? Sometimes I get a suspicion that one of the clients is sending spam on a slow but steady basis, but don't know how I could best confirm without being able to check what's being sent out.

Any tips on this, or alternative ways?

Thanks

 

[taz7981]

Nevermind, I've found a solution.

 

[cPanelMichael]

Hello

You could review the /var/log/exim_mainlog file to see the mail activity for the account. In addition, there are a few mail report options in Web Host Manager under "Email".

Thank you.

 

[taz7981]

Turns out my initial solution isn't that reliable.

Hello

You could review the /var/log/exim_mainlog file to see the mail activity for the account. In addition, there are a few mail report options in Web Host Manager under "Email".

Thank you.

But doesn't exim log only show data about the email being sent/received and when? I want to actually see what's inside the email, so I can confirm whether it's spam or not.

Is there no way to do this?

 

[cPanelPeter]

Hello,

Not really. There is lots of data stored in the exim_mainlog file, but not the whole message. At best you might get the subject line which is seen in the log file as T="Subject Here"

If you have the message ID and the message is still in the mail queue, you can type:

# exim -Mvb MESSAGEID

to view the message body of that MESSAGEID

 

[ThinIce]

One option might be to enable scanning of outgoing email with spamassassin in the exim configuration, this may give you some idea on the 'junkishness' of mail going out of an account...

cPanel also now has options to archive incoming / outgoing email within each account, you could enable this and then take a gander at what's inside

Email Archiving

Another good tell is many IP addresses from different countries sending mail via an email account, this is normally a botnet slowly sending single messages with login details of a compromised email account