Hello,
It's the second time when one of my client has this issue, now about an year ago I discovered that all the emails received by my client ware redirected to an gmail account, he did not know anything about that forwarder. I deleted the forwarder and changed email account password and cpanel password.
Now about a month ago he asked me to send the new cpanel password, I sent it and now they told me they receive some Failed delivery emails from gmail. When I checked the email I noticed that the same thing happen again, 3 email accounts had an active filter.
The filter name was just a dot, so it's easy to miss it in the filters list
Can you tell me what logs I can search to track down who created those filters ? I tried searching for the gmail address in /usr/local/cpanel/logs/access_log but couldn't find anything .
If the filter was created trough Roundcube / Horde (if it's possible) what logs should I search?
If the forms that change the password use POST method, maybe it would be helpfull to track things if there will be some informations in the GET too, like the email address used to add the forwarder.
Also is it possible to get a notification when a new filter is created or when a new forwarder is created?
Thank you.
It's the second time when one of my client has this issue, now about an year ago I discovered that all the emails received by my client ware redirected to an gmail account, he did not know anything about that forwarder. I deleted the forwarder and changed email account password and cpanel password.
Now about a month ago he asked me to send the new cpanel password, I sent it and now they told me they receive some Failed delivery emails from gmail. When I checked the email I noticed that the same thing happen again, 3 email accounts had an active filter.
The filter name was just a dot, so it's easy to miss it in the filters list
Can you tell me what logs I can search to track down who created those filters ? I tried searching for the gmail address in /usr/local/cpanel/logs/access_log but couldn't find anything .
If the filter was created trough Roundcube / Horde (if it's possible) what logs should I search?
If the forms that change the password use POST method, maybe it would be helpfull to track things if there will be some informations in the GET too, like the email address used to add the forwarder.
Also is it possible to get a notification when a new filter is created or when a new forwarder is created?
Thank you.