Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to check culprit user(s) in huge exim mail queue

Discussion in 'E-mail Discussion' started by Bashed, Apr 11, 2014.

  1. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    113
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Anyone know how to check what user(s) are taking up the 700k+ (yes, 700,000+) emails in the exim queue? Either a command via ssh or using ConfigServer Mail Queues plugin?

    Thanks.
     
    #1 Bashed, Apr 11, 2014
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Have you tried viewing a few of the messages to see the message contents and message headers?

    Code:
    exim -Mvb messageID
exim -Mvh messageID
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Apr 11, 2014
  3. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    113
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    There's over 700,000 in the queue. I wiped the out last week, happened again today. I need to trace which user these mass emails are coming from. I want to know how to pull a stat/count of top user incoming/outgoing specifically in the queue but not sure how.
     
    #3 Bashed, Apr 20, 2014
  4. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    575
    Likes Received:
    20
    Trophy Points:
    143
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The first step as cPanelMichael has explained is to view the headers and body of a particular message ID. That will help in determining if you're dealing with a compromised account or not. Likewise you can also grep for the messageID in the /var/log/exim_mainlog file to determine how/where it originated and why it's getting stuck in the queue.

    Start there and it should lead you to a solution.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelPeter, Apr 21, 2014
  5. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2008
    Messages:
    67
    Likes Received:
    4
    Trophy Points:
    58
    Location:
    Southfield, MI
    cPanel Access Level:
    DataCenter Provider
    Check the /var/log/exim_maillog, and see if you see any patterns. Maybe grep the outlook for "<=" (the sending address) or look for "courier_login" or "dovecot_login" to see if maybe you have a compromised email account password. You could also look for "exceeded" or "failed" or "quota".

    If you do not have any mail send limits, you may want to limit the hourly rate. We use 600, so we do something like this to look for accounts sending out a lot of spam:

    Code:
    exigrep exceeded /var/log/exim_mainlog | grep 600
    There are all sorts of things you can search for in the mail logs to help track this down. Pattern recognition comes in VERY handy when digging through large logs.
     
    #5 acenetgeorge, Apr 21, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - check culprit user(s)
  1. Alfastar

    The remote basic credential check failed due to an error

    Alfastar, Oct 17, 2018 at 3:54 AM, in forum: Data Protection
    Replies:
    3
    Views:
    39
    cPanelLauren
    Oct 17, 2018 at 7:03 PM
  2. Elizabeta

    Checking bandwidth for accounts in cPanel

    Elizabeta, Oct 9, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    73
    Elizabeta
    Oct 15, 2018 at 2:19 AM
  3. Pauldomain

    Install PHP 7.2 package pre checks

    Pauldomain, Oct 4, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    66
    cPanelLauren
    Oct 8, 2018
  4. HaydenKatz

    WHMAPI1 modifyacct MXCHECK not saved

    HaydenKatz, Sep 11, 2018, in forum: cPanel Developers
    Replies:
    2
    Views:
    100
    HaydenKatz
    Sep 12, 2018
  5. durangod

    SOLVED check x-Accel-Redirect or x-Sendfile

    durangod, Sep 10, 2018, in forum: Security
    Replies:
    2
    Views:
    114
    durangod
    Sep 16, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice