Exim_mainlog - e-mail account breached

Discussion in 'E-mail Discussion' started by StelarBlack, Jan 14, 2015.

  1. StelarBlack

    StelarBlack Member

    Dec 7, 2014
    cPanel Access Level:
    Root Administrator
    Hi, I have noticed strange behaviour while reading my exim_mainlog, but I am not sure what is actually happening. The mail queue is getting full. When I investigated the case, I changed the e-mail password for the suspicious account, but the problem is still present. I have a mail queue full of spam messages, like this:

    This message was created automatically by mail delivery software.
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
        Domain has exceeded the max defers and failures per hour (5/5 (17%)) allowed. Message discarded.
    ------ This is a copy of the message, including all the headers. ------
    Return-path: <>
    Received: from [] (port=51089)
    	by with esmtpa (Exim 4.84)
    	(envelope-from <<>>)
    	id 1YBJnJ-0006h0-6n
    	for; Wed, 14 Jan 2015 09:59:17 +0100
    Content-Type: text/plain; charset="iso-8859-1"
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable
    Content-Description: Mail message body
    Subject: Settlement
    From: "IMF" <<>>
    Date: Wed, 14 Jan 2015 02:58:45 -0600
    And then a lot of similar logs:

    2015-01-14 09:57:50 1YBJlu-0006h0-Lz <= H=([]) []:51089 P=esmtpa S=2057 T="Settlement" for
    What concerns me is that I am not sure whether that mailbox is breached and sending a lot of spam to random e-mail addresses. How can I find out what is actually happening?
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    cPanel Access Level:
    Root Administrator
    Hello :)

    You may want to try running the following command to see if any scripts in your /home directory are sending out email:

    awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n
    Thank you.
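    As an added example (not from the thread and not cPanel's own tooling), the following Python script extends the awk one-liner above to the authenticated-submission case the original post describes: it counts `<=` lines in exim_mainlog by authenticated account (the A= field) and by source IP, tallies cwd=/home/ script sends as the awk command does, and flags accounts above a threshold. The log lines, account names, IPs and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample exim_mainlog lines (not from the original post):
# two authenticated SMTP (P=esmtpa) submissions from one account, one
# script send recorded by the cwd= log selector, and one normal account.
SAMPLE_LOG = """\
2015-01-14 09:57:50 1YBJlu-0006h0-Lz <= user@example.test H=(localhost) [203.0.113.5]:51089 P=esmtpa A=dovecot_login:user@example.test S=2057 T="Settlement" for victim1@example.net
2015-01-14 09:58:02 1YBJm6-0006h0-Qa <= user@example.test H=(localhost) [203.0.113.5]:51101 P=esmtpa A=dovecot_login:user@example.test S=2061 T="Settlement" for victim2@example.net
2015-01-14 09:58:10 cwd=/home/site/public_html 3 args: /usr/sbin/sendmail -t -i
2015-01-14 09:58:30 1YBJmY-0006h0-Rz <= bob@example.test H=(mail.example.test) [198.51.100.9]:4411 P=esmtpa A=dovecot_login:bob@example.test S=900 T="Invoice" for c@example.org
"""

# Message-arrival line: id, sender, client IP, protocol and optional A= auth id.
ARRIVAL_RE = re.compile(
    r'^(?P<date>\S+) (?P<time>\S+) (?P<id>\S+) <= (?P<sender>\S+) '
    r'.*?\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+ .*?P=(?P<proto>\S+)'
    r'(?:.*? A=(?P<auth>\S+))?'
)
# Script-send line produced by Exim's cwd log selector (what the awk command keys on).
CWD_RE = re.compile(r'^\S+ \S+ (cwd=/home/\S+)')


def summarise(log_text, threshold=2):
    """Count authenticated submissions per account and IP, plus script sends per cwd."""
    by_account, by_ip, by_cwd = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        if m:
            by_cwd[m.group(1)] += 1
            continue
        m = ARRIVAL_RE.match(line)
        # Only authenticated SMTP submissions (esmtpa / esmtpsa) matter here.
        if not m or m.group('proto') not in ('esmtpa', 'esmtpsa'):
            continue
        account = m.group('auth') or m.group('sender')  # fall back to envelope sender
        by_account[account] += 1
        by_ip[m.group('ip')] += 1
    suspects = sorted(a for a, n in by_account.items() if n >= threshold)
    return {'by_account': by_account, 'by_ip': by_ip,
            'by_cwd': by_cwd, 'suspects': suspects}


if __name__ == '__main__':
    for key, value in summarise(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

    On a live server, read /var/log/exim_mainlog instead of SAMPLE_LOG and raise the threshold to match the account's normal volume; a single account or IP dominating the count is the signal to investigate.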
