taz7981

Registered
Dec 6, 2013
4
0
1
cPanel Access Level
Root Administrator
Hello,

Is there a way to check a sample of clients outgoing emails? Sometimes I get a suspicion that one of the clients is sending spam on a slow but steady basis, but don't know how I could best confirm without being able to check what's being sent out.

Any tips on this, or alternative ways?

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

You could review the /var/log/exim_mainlog file to see the mail activity for the account. In addition, there are a few mail report options in Web Host Manager under "Email".

Thank you.
 

taz7981

Registered
Dec 6, 2013
4
0
1
cPanel Access Level
Root Administrator
Turns out my initial solution isn't that reliable.

Hello :)

You could review the /var/log/exim_mainlog file to see the mail activity for the account. In addition, there are a few mail report options in Web Host Manager under "Email".

Thank you.
But doesn't exim log only show data about the email being sent/received and when? I want to actually see what's inside the email, so I can confirm whether it's spam or not.

Is there no way to do this?
 

cPanelPeter

Technical Analyst III
Staff member
Sep 23, 2013
575
21
143
cPanel Access Level
Root Administrator
Twitter
Hello,

Not really. There is lots of data stored in the exim_mainlog file, but not the whole message. At best you might get the subject line which is seen in the log file as T="Subject Here"

If you have the message ID and the message is still in the mail queue, you can type:

# exim -Mvb MESSAGEID

to view the message body of that MESSAGEID
 

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
One option might be to enable scanning of outgoing email with spamassassin in the exim configuration, this may give you some idea on the 'junkishness' of mail going out of an account...

cPanel also now has options to archive incoming / outgoing email within each account, you could enable this and then take a gander at what's inside

Email Archiving

Another good tell is many IP addresses from different countries sending mail via an email account, this is normally a botnet slowly sending single messages with login details of a compromised email account