Mail Statistics Summary

[khalled]

in WHM 11.42.1 when i review Mail Statistics Summary i found that the number of Messages received per hour is very huge and i actully used my server as host for vbulltine and send newsleletter weekly but not used it to recive mail , is that huge numer of mail i recived is the failure delivery Status Notification or there is other reason for this huge number of message i sea in Mail Statistics Summary and how to overcome this to decrase server load

also there is some hours as show next the server not recive or send message what cause that

Messages received per hour (each dot is 516 messages)

00-01 8520 ................
01-02 13738 ..........................
02-03 13844 ..........................
03-04 4471 ........
04-05 735 .
05-06 194
06-07 52
07-08 13
08-09 432
09-10 0
10-11 0
11-12 0
12-13 0
13-14 0
14-15 0
15-16 0
16-17 0
17-18 0
18-19 0
19-20 0
20-21 0
21-22 0
22-23 0
23-24 25807 ..................................................


Deliveries per hour (each dot is 293 deliveries)

00-01 5500 ..................
01-02 5596 ...................
02-03 5347 ..................
03-04 2271 .......
04-05 500 .
05-06 181
06-07 36
07-08 19
08-09 281
09-10 0
10-11 0
11-12 0
12-13 0
13-14 0
14-15 0
15-16 0
16-17 0
17-18 0
18-19 0
19-20 0
20-21 0
21-22 0
22-23 0
23-24 14644 .................................................

 

[cPanelMichael]

Hello

I recommend reviewing the following log file:

/var/log/exim_mainlog

This will give you a better idea about what email is received/sent from your server.

Thank you.

 

[khalled]

Hello

I recommend reviewing the following log file:

/var/log/exim_mainlog

This will give you a better idea about what email is received/sent from your server.

Thank you.

when i go to check the file exim_mainlog i found it volume veru huge and difficult to downlaod and check it
but from Mail Statistics Summary in WHM i found the following Mail Statistics Summary in attached word file , i hope if you can help me to analysis it

 

[cPanelMichael]

Try using the "tail" command to view the last several lines of /var/log/exim_mainlog. EX:

tail -500 /var/log/exim_mainlog

The mail statistics are helpful, but it's not going to really help you to determine the source/cause of the email activity.

Thank you.

 

[khalled]

very thanks for help
i run the "tail" command and i get the following can you help me anylsis it

 

[cPanelMichael]

Hello

I removed the output you provided because it's not good practice to post real email addresses on a public forum. From what I noticed, the messages were mostly from:

/home/*****/public_html/images

I suggest reviewing the script in that directory and determine if it's legitimate or should be removed for sending out SPAM.

Thank you.

 

[khalled]

very thanks for your help and for removing the output , i will check and give feedback

 

[khalled]

you are right cPanelMichael , i found send.php file the path you refer to which send this massages and i delete it alos i temporary change the name of usr/sbin/sendmail to stop mail spam but when i check

tail -500 /var/log/exim_mainlog

i still have the following message which seam to be spam massage , i try to Remove All messages From the Mail Queue but not succeed by using
# exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
# exim -bp | exiqgrep -i | xargs exim -Mrm

the result of "tail" command as show below (you can delete it after review if it is wrong to share)
very thanks for your help


- Removed -

 

[Infopro]

you are right cPanelMichael , i found send.php file the path you refer to which send this massages

How would an email script file get into the images directory, unless the account has been compromised?

Spam coming out of that account may not be your only problem.

 

[khalled]

i search internet to Remove All messages From the Mail Queue and run many commands but the service exim (exim-4.82-3.cp1136) failed , and when try to restart it iget the error

Waiting for exim to restart...............................................................finished.

exim has failed, please contact the sysadmin.

is any way to make it run or to remove and reinstall it

 

[cPanelMichael]

Please review the last couple of lines in /var/log/exim_mainlog or /var/log/exim_paniclog when Exim fails to restart. Do you notice any particular error messages?

Thank you.

 

[khalled]

This the result and last couple of lines in /var/log/exim_mainlog or /var/log/exim_paniclog

/root$ tail -500 /var/log/exim_mainlog

2014-05-08 09:17:56 1WiIaZ-0005je-RW no immediate delivery: load average 25.77
2014-05-08 09:17:56 cwd=/home/******/public_html/images 3 args: /usr/sbin/sendmail -oi -t
2014-05-08 09:17:56 1WiIaZ-0005jn-TH <= ******@server.******.net U=****** P=local S=773 [email protected]******.net T="Confirm Receipt" for username @aol.com
2014-05-08 09:17:56 1WiIaZ-0005jn-TH no immediate delivery: load average 25.77
2014-05-08 09:17:56 cwd=/home/******/public_html/images 3 args: /usr/sbin/sendmail -oi -t
2014-05-08 09:17:56 1WiIaa-0005kg-CU <= ******@server.******.net U=****** P=local S=4596 [email protected]******.net T="THE TRANSFER WILL BE DONE TODAY, IF WE HEAR FROM YOU." for username @aol.com
2014-05-08 09:17:56 1WiIaa-0005kg-CU no immediate delivery: load average 25.77
2014-05-08 09:17:56 cwd

/root$ tail -500 /var/log/exim_paniclog

2014-05-08 09:17:03 1WiIZi-00047m-C1 User 0 set for local_delivery transport is on the never_users list
2014-05-08 09:17:03 1WiIZj-0004AN-JH User 0 set for local_delivery transport is on the never_users list
2014-05-08 09:17:13 1WiIZs-0004g8-LC User 0 set for local_delivery transport is on the never_users list
2014-05-08 09:17:14 1WiIZs-0004gB-O5 User 0 set for local_delivery transport is on the never_users list
2014-05-08 09:17:15 1WiIZt-0004iN-W4 User 0 set for local_delivery transport is on the never_users list

 

[cPanelMichael]

I see no entries that would indicate a reason why Exim is failing. Are you sure it's not running? Is the Exim process active?

Thank you.

 

[khalled]

I see no entries that would indicate a reason why Exim is failing. Are you sure it's not running? Is the Exim process active?

Thank you.

i check service as shown in this post
https://forums.cpanel.net/f5/service-status-exim-failed-161202.html#post675258
and it show that the service not run
and try to update it using /scripts/eximup -- force
but get the following error
-bash: line 17: /scripts/eximup: No such file or directory

is any way to uninstall it and reinstall it again

 

[khalled]

i check service as shown in this post
https://forums.cpanel.net/f5/service-status-exim-failed-161202.html#post675258
and it show that the service not run
and try to update it using /scripts/eximup -- force
but get the following error
-bash: line 17: /scripts/eximup: No such file or directory

is any way to uninstall it and reinstall it again

i try some commands but not succesed i hope if ifound help in this proble
some of commands i test

/usr/local/cpanel/scripts$ /scripts/eximup --force --verbose
-bash: line 15: /scripts/eximup: No such file or directory
/usr/local/cpanel/scripts$ /etc/exim.pl
-bash: line 16: /etc/exim.pl: Permission denied
/usr/local/cpanel/scripts$ rpm -qa | grep -i exim
exim-4.82-3.cp1136
/usr/local/cpanel/scripts$ /scripts/mailperm
/usr/local/cpanel/scripts$ /scripts/mailtroubleshoot
Please use mail troubleshooter Version 2.0 in WHM. at /scripts/mailtroubleshoot line 5.
/usr/local/cpanel/scripts$ scripts/fixeverything
-bash: line 22: scripts/fixeverything: No such file or directory
/usr/local/cpanel/scripts$ /scripts/eximup --force
-bash: line 23: /scripts/eximup: No such file or directory

 

[khalled]

thanks it run and i do the following if any suffer from that
WHM»cPanel »Upgrade to Latest Version
Upgrade to Latest Version

check Force a reinstall even if the system is up to date. and Upgrade

 

[cPanelPeter]

Hello,

Yes, an upgrade (upcp) can usually solve problems like what you were experiencing. Thanks for updating this thread.