The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email sent from Admin Accounts - Not by clients?

Discussion in 'E-mail Discussions' started by justhost, Apr 1, 2004.

  1. justhost

    justhost Well-Known Member

    Joined:
    Sep 2, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Halifax, Nova Scotia
    Hello,

    When I look through the Mail Statistics inWHM the top senders each week are the admin accounts for several of the domains on this box. I know for a fact that these people are not sending these emails. Especially since in my region the ISP's have forced everyone sending POP email to send using their servers (some SPAM blocking thing) so realistically the only way these users would be sending these messages is from sqmail ??

    So obviously I think someone is relaying or something off my server but when I check at the Open Relay checks I do not find I am an Open Relay?

    Anyone have any thoughts?

    Thanks
     
  2. justhost

    justhost Well-Known Member

    Joined:
    Sep 2, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Halifax, Nova Scotia
    anyone?

    This is still happening and I am getting quite concerned.

    thanks
     
  3. bamasbest

    bamasbest Well-Known Member

    Joined:
    Jan 10, 2004
    Messages:
    531
    Likes Received:
    0
    Trophy Points:
    16
    Do any of these users have any sort of formmail processors or any other types of scripts that generate email;)?
     
  4. justhost

    justhost Well-Known Member

    Joined:
    Sep 2, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Halifax, Nova Scotia
    I believe they do use php mail() command for contact forms. I am not sure if all do but I can look. I thought messages sent via these go through nobody? and shouldnt be sent as their admin though?
     
  5. carlaron

    carlaron Well-Known Member

    Joined:
    Jun 26, 2003
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    I am seeing a similar trend, but I was wondering, maybe this doesn't mean that these users are sending mail out...

    Could it just be that the exim stats are unclear when they report that a user forwarded mail, even if it was forwarded to :blackhole:?

    I noticed that even the legitimage mail I get mentions the main "admin" user of my domain in the return-path header, as if the admin user actually received then forwarded the mail to the specific email account.

    Say a piece of mail comes in for "foobar@somedomain.com", which is administrated by user "someguy". Do the exim stats report this as "someguy" sending mail to "foobar"?

    And if the domain has default set to ""blackhole:", would the stats report that "someguy" had sent on those emails as well?

    Similarly for mail discarded with an Email Filter rule?

    So these large numbers of mails "sent" from the admin users might just mean that a large amount of spam and other mail to undefined users was passed through the main account and then discarded.

    I'm not sure if this is the case, but unless my box is hacked (I find no other signs of that, and I've had other hacked boxes in the past, so I have a bit of an idea what to look for) or unless exim is not requiring SMTP auth for the main admin users to send mail, I can't think of any other reason for these stats.
     
  6. ghv

    ghv Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    I think you may be right. I have a few old domains that I don't maintain anymore and they don't actually send any mail but they still get a lot of incoming spam.

    They often rate high as "local senders" in exim stats.

    It would be great if someone could confirm that your theory is correct...
     
  7. justhost

    justhost Well-Known Member

    Joined:
    Sep 2, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Halifax, Nova Scotia
    That is a very good theory and definitely makes sense. Ditto about confirmation. Would make me feel alot better about the situation.

    Thanks.
     
Loading...

Share This Page