upsforum

Well-Known Member
Jul 27, 2005
473
0
166
Dear all,


you can explain me as read explain event log of WHM?

for example, this message generate a "LOCALHOSTRELAY Alert for 127.0.0.1", but I don't understand who or what sent


Event: success
User: hostuser
Domain: domainuser.it
Sender: info2013 @ yahoo.co.uk
Sent Time: Jun 25, 2013 12:02:12 PM
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: dovecot_login
Spam Score:
Recipient: dushi_ama @ hotmail.com
Delivered To: dushi_ama @ hotmail.com
Delivery User: -remote-
Delivery Domain:
Router: lookuphost
Transport: remote_smtp
Out Time: Jun 25, 2013 12:02:12 PM
ID: 1UrQ53-00007a-CG
Delivery Host: mx4.hotmail.com
Delivery IP: 65.54.188.126
Size: 1.78 KB
Result: Message accepted
 

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
Generally speaking, these fields tell you the account

User: hostuser
Domain: domainuser.it

These indicate the message was sent via webmail

Sender IP: 127.0.0.1
Authentication: dovecot_login
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Yes, the user/domain field will typically indicate which account was used to send the message. You can also search for the recipient address in the Exim log file. EX:

Code:
exigrep [email protected] /var/log/exim_mainlog
Thank you.