The Community Forums


Find courier_login of user from message ID

Discussion in 'E-mail Discussions' started by threeam, Nov 6, 2012.

  1. threeam (Registered; cPanel Access Level: Root Administrator), Nov 6, 2012

    I have recently had an email account on our server compromised, which was sending out spam via our server from multiple IP addresses.

    It was easy to find which cPanel account the emails were being sent from via WHM in the Mail Delivery Reports and Sent Summaries. The problem, though, was that none of this information would show what user account was being used to send these emails.

    I was able to find the courier_login information by searching for the message ID in the /var/log/exim_mainlog, and then reset the compromised password. It would be much better (and more efficient) if this information could be found within WHM, which could link right back to the user account so the password could have been easily reset in one step, without needing to go through SSH to look up the log file.

    Is there something I have overlooked, or is this feature not currently available in WHM?
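
The log lookup described in the post above, as an added example that is not part of the original post or of cPanel's own tooling. It goes one step further and also counts messages and distinct source IPs per authenticated login. It assumes arrival (`<=`) lines in the Exim main log carry an `A=<authenticator>:<login>` field such as `A=courier_login:user@domain`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; the log lines below are constructed, not from a real server.

# write_sample_log FILE: three authenticated arrivals and one delivery line.
write_sample_log() {
    cat > "$1" <<'EOF'
2012-11-06 03:10:01 1TVaaa-0001Aa-AA <= info@example.com H=(pc1) [198.51.100.7]:50211 P=esmtpa A=courier_login:info@example.com S=2301 id=a1@pc1 T="hello"
2012-11-06 03:10:02 1TVaaa-0001Aa-AA => someone@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2012-11-06 03:10:09 1TVbbb-0002Bb-BB <= info@example.com H=(pc9) [203.0.113.40]:41877 P=esmtpa A=courier_login:info@example.com S=2290 id=b2@pc9 T="hello"
2012-11-06 03:11:30 1TVccc-0003Cc-CC <= bob@example.org H=(laptop) [198.51.100.99]:60100 P=esmtpa A=courier_login:bob@example.org S=900 id=c3@laptop T="lunch"
EOF
}

# login_for_msgid LOGFILE MSGID
# Print the authenticated login from the arrival ("<=") line of one message ID.
login_for_msgid() {
    awk -v id="$2" '
        index($0, " " id " <= ") {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^A=[^:]+:/) { sub(/^A=[^:]+:/, "", $i); print $i; exit }
        }' "$1"
}

# auth_sender_summary LOGFILE
# One line per login: "<login> <messages> <distinct source IPs>", widest spread first.
auth_sender_summary() {
    awk '
        {
            login = ""; ip = ""; arrival = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "<=") { arrival = 1; continue }
                if (!arrival) continue          # skip deliveries and pre-arrival fields
                if (ip == "" && $i ~ /^\[/) { ip = $i; sub(/^\[/, "", ip); sub(/\].*/, "", ip) }
                if ($i ~ /^A=[^:]+:/) { login = $i; sub(/^A=[^:]+:/, "", login); break }
            }
            if (login == "") next               # unauthenticated or not an arrival
            msgs[login]++
            if (!((login, ip) in seen)) { seen[login, ip] = 1; ips[login]++ }
        }
        END { for (l in msgs) print l, msgs[l], ips[l] }' "$1" | sort -k3,3nr -k2,2nr
}

# Demo on the constructed log (on a server, pass /var/log/exim_mainlog instead).
log=$(mktemp) && write_sample_log "$log"
login_for_msgid "$log" 1TVbbb-0002Bb-BB
auth_sender_summary "$log"
rm -f "$log"
```

A login that appears near the top of the summary with many distinct source IPs matches the pattern the post describes, and is the account whose password to reset first.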
