
Email Account Is Not Valid, Yet Sending Mail Out

Discussion in 'E-mail Discussions' started by Ken Roy, Mar 1, 2016.

  1. Ken Roy

    Ken Roy Registered

    Joined:
    Aug 20, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Memphis
    cPanel Access Level:
    Root Administrator
    I have a domain that has minimal email accounts on it. Yet when I check the mail delivery reports on the server, I see email accounts that are sending out emails. I have locked down the SMTP, and the nobody from send mail. Yet when you look at the attached image, there is a user sending out email. How are they getting by the configuration in Exim?

    Sender Host: Local Host
    Sender IP: 127.0.0.1
    Authentication: local user

    Cpanel.jpg
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you elaborate on the specific steps you have taken to disable email for the account?

    Thank you.
     
  3. Ken Roy

    Ken Roy Registered

    When you look into the site email folder, it is not there. When you look in the cPanel area, it is not there. See images:
    cpanel-01.jpg
    cpanel-02.jpg
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    It's possible a script is uploaded to the account with the ability to send out email using any sender address. Try searching the account for files with the ability to send out email, or use the following command to see if you notice any scripts sending out large amounts of email:

    Code:
    awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
    Thank you.
     
  5. Ken Roy

    Ken Roy Registered

    Thanks for that information.

    I ran this command:
    grep 1agwpj-0006cZ-1I /var/log/exim_mainlog

    to see what the specific email was in the mainlog. Then I get back the following, which makes no sense. If it is NOT smtp, why is it allowed to go out?

    2016-03-18 12:01:08 1agwpj-0006cZ-1I U=dubocom Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (0.8)"

    - Removed -
     
    #5 Ken Roy, Mar 19, 2016
    Last edited by a moderator: Mar 19, 2016
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Please remove any actual emails, IPs or domain names from any output you post.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Could you use the "exigrep" command instead of the "grep" command when searching specific message IDs? This will ensure all aspects of the message delivery are provided in the output.

    Thank you.
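
An added example, not part of the original thread and not cPanel's own tooling: it extends the awk one-liner posted above to count sendmail-style submissions per working directory under /home and, separately, messages Exim accepted over local (non-SMTP) submission per system user, which is the kind of message the `U=dubocom ... not smtp` line in the thread shows. The log lines, user names, message IDs and paths are constructed samples, and the default Exim main log field layout (`P=local`, `U=<user>`) is assumed.

```shell
#!/bin/sh
# Added example. Every log line, user name, message ID and path here is constructed.

# Constructed sample of an Exim main log (default field layout assumed).
sample_log() {
cat <<'EOF'
2016-03-18 12:01:07 cwd=/home/exampleuser/public_html/app 3 args: /usr/sbin/sendmail -t -i
2016-03-18 12:01:08 1aaaaa-000001-AA <= exampleuser@host.example U=exampleuser P=local S=1402
2016-03-18 12:01:09 cwd=/home/exampleuser/public_html/app 3 args: /usr/sbin/sendmail -t -i
2016-03-18 12:01:09 1aaaaa-000002-AA <= exampleuser@host.example U=exampleuser P=local S=1398
2016-03-18 12:02:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2016-03-18 12:02:30 1aaaaa-000003-AA <= info@domain.example H=(client) [192.0.2.10]:51234 P=esmtpa A=dovecot_login:info@domain.example S=2210
2016-03-18 12:03:00 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2016-03-18 12:03:01 1aaaaa-000004-AA <= otheruser@host.example U=otheruser P=local S=900
EOF
}

# Count local program invocations per working directory under /home.
# Reads the log on stdin; queue runners (cwd=/var/spool/exim) are ignored.
count_cwd() {
    awk '$3 ~ /^cwd=\/home\// { sub(/^cwd=/, "", $3); n[$3]++ }
         END { for (d in n) print n[d], d }' | sort -k1,1nr -k2,2
}

# Count accepted messages ("<=") that arrived with P=local, grouped by the
# submitting system user (U=). SMTP arrivals such as P=esmtpa are skipped.
count_local_users() {
    awk '$4 == "<=" {
             user = ""; is_local = 0
             for (i = 5; i <= NF; i++) {
                 if ($i ~ /^U=/)      user = substr($i, 3)
                 if ($i == "P=local") is_local = 1
             }
             if (is_local && user != "") n[user]++
         }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

echo "Submissions per working directory:"
sample_log | count_cwd
echo "P=local messages per system user:"
sample_log | count_local_users
```

On a real server the same functions read the log on stdin, for example `count_local_users < /var/log/exim_mainlog`.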
     