The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

email alerts

Discussion in 'E-mail Discussions' started by adibranch, Apr 7, 2009.

  1. adibranch

    adibranch Member

    Joined:
    Apr 7, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    hi all :) great forums !

    anyway, i've got a VPS with a few accounts on it. I recently brought over a site from another less reliable and less secured server.

    All is fine, but this site flags up warning on CSF as follows, normally two or three a day..

    HTML:
    Suspicious process running under user security
    Executable:
    
    /usr/bin/perl
    Command Line (often faked in exploits):
    spamd child
    HTML:
      Excessive resource usage: security (1405)
    Account:      security
    Resource:     Process Time
    Exceeded:     12643 > 1800 (seconds)
    Executable:   /usr/bin/perl
    Command Line: spamd child
    
    'security' is obviously the name of the account.

    In the mail rejection logs, i'm also seeing "Rejected MAIL: "REJECTED - Bad HELO - Host impersonating (security account domain)" relating to that account. I'm not seeing this for any other account on the server.

    My hosts say this is nothing to worry about, and 'perhaps this account see's more spam than others'. I'm not so sure. I know the alertis coming from the spamassassin perl script triggering CSF, but why only this account and none of the other 25 odd? They all receive spam to some degree.

    Is it possible the security account is being compromised in some way?
     
    #1 adibranch, Apr 7, 2009
    Last edited: Apr 7, 2009
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might try the CSF forums where there are many topics about these email alerts.
     
Loading...

Share This Page