find source of incoming emails

asmithjr

Well-Known Member
Jun 13, 2003
514
6
168
I've created a problem for myself over the years. I thought I was being smart creating alias each time I had to provide an email to an external source. The thought was just do away with the alias when I found that email was being spammed. Now years later the email spam is out of control on my server.
Is there a good way to find out which alias email is being hit with all the spam? I am not sure my main email is getting all the junk email or if it is coming from one of the alias accounts.
Thanks
 

keat63

Well-Known Member
Nov 20, 2014
1,854
224
93
cPanel Access Level
Root Administrator
Without me digging through my own mail logs, I don't entirely know the answer.
However, it would help others if you could tell us whether you have root access or if you are a web site owner.
Do you have access to WHM or Cpanel only?
 

keat63

Well-Known Member
Nov 20, 2014
1,854
224
93
cPanel Access Level
Root Administrator
I'm using forwarders for some of our sales orders.
I opened one up and can quite clearly see in the message headers where it was originally sent.

In fact, I'm struggling to see anything related to the mailbox it actually landed in.
 

asmithjr

Well-Known Member
Jun 13, 2003
514
6
168
I do have root access. This is a small VPS and I manage the server with full access.
 

andrew.n

Well-Known Member
Jun 9, 2020
328
71
28
EU
cPanel Access Level
Root Administrator
Well the info you are looking for is definitely in /var/log/exim_mainlog but if you have many email accounts it will be a bit difficult to read. This script makes it a bit easier to track things down:

 

keat63

Well-Known Member
Nov 20, 2014
1,854
224
93
cPanel Access Level
Root Administrator

andrew.n

Well-Known Member
Jun 9, 2020
328
71
28
EU
cPanel Access Level
Root Administrator
right....so what's the problem here?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
@andrew.n there isn't a problem @keat63 was showing the OP how to identify mail sent to an alias which is the question the user was asking.


@asmithjr if I understand correctly the Aliases you created were just forwarders for accounts that do not exist correct? If this is the case and you removed those, but mail is still being accepted for those email accounts you could eliminate this problem entirely by going to cPanel >> Email >> Default Address and ensure the setting you have for unrouted mail (mail that is sent to [email protected]) is not set to forward to an email address or your system account.
 

asmithjr

Well-Known Member
Jun 13, 2003
514
6
168
What I found to work for me is:
Code:
grep "[email protected]" exim_mainlog | grep virtual | grep "(" | awk -F "(" '{print $2}' | awk -F ")" '{print $1}'
My main address is [email protected], this shows me all email accounts from the exim_mainlog that were forwarded to my main address.
 
Last edited by a moderator:
  • Like
Reactions: keat63