Find courier_login of user from message ID


Nov 6, 2012
cPanel Access Level
Root Administrator
I have recently had an email account on our server compromised, which was sending out spam via our server from multiple IP addresses.

It was easy to find which cpanel account the emails were being sent from via WHM in the Mail Delivery Reports and Sent Summaries. The problem though was that none of this information would show what user account was being used to send these emails.

I was able to find the courier_login information by searching for the message ID in the /var/log/exim_mainlog, and then reset the compromised password. It would be much better (and efficient) if this information can be found within WHM, which could link right back to the user account so the password could have been easily reset in one step, without need to go through SSH to lookup the log file.

Is there something I have overlooked, or is this feature not currently available in WHM.