Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED [CPANEL-20345] eximstats_spam_check cron job always sends root notification

Discussion in 'E-mail Discussion' started by swbrains, Apr 2, 2018.

  1. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Hi, I have checked in WHM contact manager, and this notification is set to disabled, yet I receive several of them every day (I have one legitimate customer who sends a lot of emails throughout the day). Still I'd like to disable it (or be able to configure it to a higher threshold). But why does it still send the notification if I've disabled it? screencapture_000481.png
     
  2. 63bus

    63bus Active Member

    Joined:
    Mar 31, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    156
    Yes, disabling the above turned off one message but I'm getting the email below all the time since my site sends out tons of legitimate email.

    warn [eximstats_spam_check] The system has detected an unusually large amount of outbound email. The following sender(s) may be sending spam: <removed>
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @63bus and @swbrains,

    There's an internal case (CPANEL-20345) open to address an issue where the server's root contact email address receives a notification from crond when eximstats_spam_check runs as part of the following root cron job:

    5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1

    This is independent of the Large Amount of Outbound Email Detected notification type. It's tentatively planned for inclusion with cPanel & WHM version 74.

    In the meantime, one workaround is to setup an email filter for the email account that receives root notifications with a rule that delete emails matching the contents of the subject or message body. Then, once the case is published, remove the email filter.

    Thank you.

    Edit: CPANEL-20345 is now scheduled for inclusion with cPanel & WHM version 74.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Apr 3, 2018
    Last edited: Jun 27, 2018
  4. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    132
    Likes Received:
    16
    Trophy Points:
    168
    Thanks. Did this change recently? I checked my trash (where these are being filtered) and these notifications only started as of 3/29/2018.

    Oh great. I just mistyped crontab -r instead of crontab -e and deleted my crontab file. Now I have bigger problems. Why does crontab -r NOT prompt for confirmation, especially since the E and R keys are right next to each other on the keyboard?

    Any ideas how to locate a backup of this file or regenerate a default crontab file?
     
  5. rclemings

    rclemings Well-Known Member

    Joined:
    Nov 5, 2007
    Messages:
    47
    Likes Received:
    5
    Trophy Points:
    58
    Try /var/spool/cron/root for the default.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes, the following case was included in the most recent cPanel & WHM version 68 build:

    Fixed case CPANEL-19455: New crontab breaking update on upgrade.

    This added the cron job on systems where it was missing.

    Here's the default root crontab for cPanel & WHM version 68:

    Code:
    0 6 * * * /usr/local/cpanel/scripts/exim_tidydb > /dev/null 2>&1
    30 5 * * * /usr/local/cpanel/scripts/optimize_eximstats > /dev/null 2>&1
    @reboot /usr/local/cpanel/bin/onboot_handler
    26 22 * * * /usr/local/cpanel/whostmgr/docroot/cgi/cpaddons_report.pl --notify
    12 3 * * * /usr/local/cpanel/scripts/upcp --cron
    0 1 * * * /usr/local/cpanel/scripts/cpbackup
    0 2 * * * /usr/local/cpanel/bin/backup
    35 * * * * /usr/bin/test -x /usr/local/cpanel/bin/tail-check && /usr/local/cpanel/bin/tail-check
    5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1
    45 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_mailman_cache && /usr/local/cpanel/scripts/update_mailman_cache
    30 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_db_cache && /usr/local/cpanel/scripts/update_db_cache
    30 */2 * * * /usr/local/cpanel/bin/mysqluserstore >/dev/null 2>&1
    15 */2 * * * /usr/local/cpanel/bin/dbindex >/dev/null 2>&1
    15 */6 * * * /usr/local/cpanel/scripts/autorepair recoverymgmt >/dev/null 2>&1
    */5 * * * * /usr/local/cpanel/scripts/dcpumon-wrapper >/dev/null 2>&1
    09,39 * * * * /usr/local/cpanel/scripts/clean_user_php_sessions > /dev/null 2>&1
    8,23,38,53 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. dfkern

    dfkern Registered

    Joined:
    Feb 20, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    50
    Location:
    Nashville, TN
    Ideally, there would be a setting that would set the warning ,
    > X where x is some adjustibla limit.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @dfkern

    We plan to expand upon this feature in cPanel & WHM version 72 by adding the Number of unique recipients per hour to trigger potential spammer notification. option in the Mail tab of WHM >> Home >> Server Configuration >> Tweak Settings. This setting will allow you to specify the number of emails that any account may send in one hour before the system sends an alert notification.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. rclemings

    rclemings Well-Known Member

    Joined:
    Nov 5, 2007
    Messages:
    47
    Likes Received:
    5
    Trophy Points:
    58
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. petersphilo

    petersphilo Member

    Joined:
    Nov 14, 2016
    Messages:
    19
    Likes Received:
    5
    Trophy Points:
    3
    Location:
    Paris
    cPanel Access Level:
    Reseller Owner
    Sorry for reviving this thread..
    One of the servers i manage is running WHM 70.x, and sends somewhat large mailers a couple of times a week, so this notification is driving me bonkers...
    if i simply remove the line below from the root cron file, will it be re-added by the updater once the server is updated to v72.x (where it is allegedly fixed)?
    Code:
    5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1
    Also, does this command perform other kinds of checks?
    if so, i don't want to give up any chance of catching illicit spam behavior..

    Thank you!
     
    kamm likes this.
  12. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @petersphilo,

    Can you verify that Large Amount of Outbound Email Detected is set to Disabled under the Notifications tab in WHM >> Contact Manager? That's the supported method of disabling the notification.

    The issue referenced on this thread (CPANEL-19455) isn't regarding the notification itself, but instead relates to the
    eximstats_spam_check cron job using the warning output instead of the info output. Rather than modifying the cron job itself, a better approach is to simply setup a temporary email filter that deletes this particular email for your email account that receives root notifications. Then, once the case is published, remove the email filter. I've modified the earlier post to reflect this workaround instead of the cron job modification steps.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. JanKrohn

    JanKrohn Active Member

    Joined:
    May 6, 2013
    Messages:
    37
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Phnom Penh
    cPanel Access Level:
    Root Administrator
    Now that version 72 is released, I've not noticed any changes. I've done the configuration both in Contact Manager as well as Tweak Settings, but still receive the messages.
     
  14. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @JanKrohn,

    A request to backport internal case CPANEL-20345 into cPanel & WHM version 72 is still open at this time, but at the moment it's currently scheduled for inclusion with cPanel & WHM version 74. I've modified the earlier response to reflect this, and I'll update this thread again if that changes. In the meantime, the recommended workaround is to setup an email filter for the email account that receives root notifications with a rule that delete emails matching the contents of the subject or message body. Then, once the case is published, remove the email filter.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice