Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Email history question

Discussion in 'E-mail Discussion' started by Bashed, Dec 13, 2018.

Tags:
  1. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    123
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    How do I trace the script sending these massive amounts of outgoing mail? Also, what about this CSF showing nearly 200k outgoing mail? Where is this from within CSF and how can I stop this?

    Code:
       1304 /home/knuxxxxx
       1304 /home/munin
       1778 /home/geotroxxxxx/public_html
       6520 /home/dueoxxxxx
       6520 /home/ingenixxxxx
       6520 /home/moyaxxxxx
     187977 /etc/csf
    [email protected] [/var/log]# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n ^C 
     
  2. dalem

    dalem Well-Known Member PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,909
    Likes Received:
    127
    Trophy Points:
    368
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    csf should be telling you the user that is relaying 200k
    it should also tell you the IP(s) " AUTHRELAY, Remote IP - xx.xxx.xxx.xx
    you can also check the "View relayers" in WHM

    from the snippet of the log you posted
    /home/geotroxxxxx/public_html
    seems to be one that's sending from a script

    you can cd /home/geotroxxxxx/public_html
    ls -lt and see what files & folders are the newest and work from there usually spam scripts are quite obvious.


    or you can
    grep xx.xxx.xxx.xx /var/log/apache2/domlogs/domain.com
    grep xx.xxx.xxx.xx /var/log/apache2/domlogs/domain.com-ssl_log

    to see what script the nasty IP is calling
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,534
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice