Email Account Is Not Valid, Yet sending mail Out

Discussion in 'E-mail Discussion' started by Ken Roy, Mar 1, 2016.

  1. Ken Roy

    Ken Roy Registered

    I have a domain that has minimal email accounts on it. Yet when I check the mail delivery reports on the server, I see email accounts that are sending out emails. I have locked down the SMTP, and the nobody from sending mail. Yet when you look at the attached image, there is a user sending out email. How are they getting by the configuration in Exim?

    Sender Host: Local Host
    Sender IP : 127.0.0.1
    Authentication : local user

    Cpanel.jpg
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello :)

    Could you elaborate on the specific steps you have taken to disable email for the account?

    Thank you.
     
  3. Ken Roy

    Ken Roy Registered

    When you look into the site email folder, it is not there. When you look in the cPanel area, it is not there. See images:
    cpanel-01.jpg
    cpanel-02.jpg
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    It's possible a script is uploaded to the account with the ability to send out email using any sender address. Try searching the account for files with the ability to send out email, or use the following command to see if you notice any scripts sending out large amounts of email:

    Code:
    awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
    Thank you.
     
  5. Ken Roy

    Ken Roy Registered

    Thanks for that information.

    I ran this command:
    grep 1agwpj-0006cZ-1I /var/log/exim_mainlog

    To see what was the specific email in the mainlog. Then I get back the following, which makes no sense. If it is NOT smtp, why is it allowed to go out?

    2016-03-18 12:01:08 1agwpj-0006cZ-1I U=dubocom Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (0.8)"

    - Removed -
     
    #5 Ken Roy, Mar 19, 2016
    Last edited by a moderator: Mar 19, 2016
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Please remove any actual emails, IPs or domain names from any output you post.
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Could you use the "exigrep" command instead of the "grep" command when searching specific message IDs? This will ensure all aspects of the message delivery are provided in the output.

    Thank you.
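
Added example (not part of the original thread and not cPanel's own tooling): a triage sketch that reads Exim main log lines on stdin and ties locally submitted ("not smtp") messages to the system user that queued them, the sender address they claimed, and the directory the submission ran from. The sample log lines, user, message IDs and addresses are constructed; it assumes Exim's usual arrival-line fields (`U=` for the submitting user, `P=local` for non-SMTP submission) and accounts under /home.

```shell
#!/bin/bash
# Constructed sample of exim_mainlog lines (all names, IDs and addresses are made up).
sample_log() {
cat <<'EOF'
2016-03-18 12:01:07 cwd=/home/exuser/public_html/old/tmp 3 args: /usr/sbin/sendmail -t -i
2016-03-18 12:01:08 1aAAAA-000001-AA <= ghost@example.com U=exuser P=local S=2310 for a@example.net
2016-03-18 12:01:08 1aAAAA-000001-AA U=exuser Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (0.8)"
2016-03-18 12:01:09 1aAAAA-000001-AA => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2016-03-18 12:01:09 1aAAAA-000001-AA Completed
2016-03-18 12:02:10 cwd=/home/exuser/public_html/old/tmp 3 args: /usr/sbin/sendmail -t -i
2016-03-18 12:02:11 1aBBBB-000002-BB <= ghost@example.com U=exuser P=local S=2298 for b@example.net
2016-03-18 12:03:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -Mc 1aCCCC-000003-CC
2016-03-18 12:03:01 1aCCCC-000003-CC <= real@example.com H=localhost (host.example.com) [127.0.0.1] P=esmtpa A=dovecot_login:real@example.com S=900 for c@example.net
EOF
}

# Arrival lines ("<=") with P=local were queued by a local process, not over SMTP.
# Output: count, system user (U=), claimed sender address.
local_submissions() {
  awk '$4 == "<=" {
         user = ""; proto = ""
         for (i = 6; i <= NF; i++) {          # first U=/P= wins (fields precede T="subject")
           if (user == ""  && $i ~ /^U=/) user  = substr($i, 3)
           if (proto == "" && $i ~ /^P=/) proto = substr($i, 3)
         }
         if (proto == "local") n[user " " $5]++
       }
       END { for (k in n) print n[k], k }' | sort -rn
}

# Group "cwd=" lines by account so a noisy directory can be matched to the user above.
# Output: count, account, directory. Assumes home directories live under /home.
cwd_by_account() {
  awk '$3 ~ /^cwd=\/home\// {
         dir = substr($3, 5)                  # strip the leading "cwd="
         split(dir, p, "/")                   # p[3] is the account name
         n[p[3] " " dir]++
       }
       END { for (k in n) print n[k], k }' | sort -rn
}

echo "local (non-SMTP) submissions:"; sample_log | local_submissions
echo "submission directories:";       sample_log | cwd_by_account
```

On a server, feed the real log instead of the sample, for example `local_submissions < /var/log/exim_mainlog`.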
     