The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Statistics Summary

Discussion in 'E-mail Discussions' started by khalled, May 6, 2014.

  1. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    in WHM 11.42.1 when i review Mail Statistics Summary i found that the number of Messages received per hour is very huge and i actully used my server as host for vbulltine and send newsleletter weekly but not used it to recive mail , is that huge numer of mail i recived is the failure delivery Status Notification or there is other reason for this huge number of message i sea in Mail Statistics Summary and how to overcome this to decrase server load

    also there is some hours as show next the server not recive or send message what cause that

    Messages received per hour (each dot is 516 messages)

    00-01 8520 ................
    01-02 13738 ..........................
    02-03 13844 ..........................
    03-04 4471 ........
    04-05 735 .
    05-06 194
    06-07 52
    07-08 13
    08-09 432
    09-10 0
    10-11 0
    11-12 0
    12-13 0
    13-14 0
    14-15 0
    15-16 0
    16-17 0
    17-18 0
    18-19 0
    19-20 0
    20-21 0
    21-22 0
    22-23 0
    23-24 25807 ..................................................


    Deliveries per hour (each dot is 293 deliveries)

    00-01 5500 ..................
    01-02 5596 ...................
    02-03 5347 ..................
    03-04 2271 .......
    04-05 500 .
    05-06 181
    06-07 36
    07-08 19
    08-09 281
    09-10 0
    10-11 0
    11-12 0
    12-13 0
    13-14 0
    14-15 0
    15-16 0
    16-17 0
    17-18 0
    18-19 0
    19-20 0
    20-21 0
    21-22 0
    22-23 0
    23-24 14644 .................................................
     
    #1 khalled, May 6, 2014
    Last edited: May 6, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I recommend reviewing the following log file:

    Code:
    /var/log/exim_mainlog
    This will give you a better idea about what email is received/sent from your server.

    Thank you.
     
  3. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    when i go to check the file exim_mainlog i found it volume veru huge and difficult to downlaod and check it
    but from Mail Statistics Summary in WHM i found the following Mail Statistics Summary in attached word file , i hope if you can help me to analysis it
     
    #3 khalled, May 7, 2014
    Last edited by a moderator: May 8, 2014
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Try using the "tail" command to view the last several lines of /var/log/exim_mainlog. EX:

    Code:
    tail -500 /var/log/exim_mainlog
    The mail statistics are helpful, but it's not going to really help you to determine the source/cause of the email activity.

    Thank you.
     
  5. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    very thanks for help
    i run the "tail" command and i get the following can you help me anylsis it
     
    #5 khalled, May 7, 2014
    Last edited: May 8, 2014
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I removed the output you provided because it's not good practice to post real email addresses on a public forum. From what I noticed, the messages were mostly from:

    I suggest reviewing the script in that directory and determine if it's legitimate or should be removed for sending out SPAM.

    Thank you.
     
  7. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    very thanks for your help and for removing the output , i will check and give feedback
     
  8. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    you are right cPanelMichael , i found send.php file the path you refer to which send this massages and i delete it alos i temporary change the name of usr/sbin/sendmail to stop mail spam but when i check
    i still have the following message which seam to be spam massage , i try to Remove All messages From the Mail Queue but not succeed by using
    # exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
    # exim -bp | exiqgrep -i | xargs exim -Mrm

    the result of "tail" command as show below (you can delete it after review if it is wrong to share)
    very thanks for your help


    - Removed -
     
    #8 khalled, May 8, 2014
    Last edited by a moderator: May 9, 2014
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,463
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    How would an email script file get into the images directory, unless the account has been compromised?

    Spam coming out of that account may not be your only problem.
     
  10. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    i search internet to Remove All messages From the Mail Queue and run many commands but the service exim (exim-4.82-3.cp1136) failed , and when try to restart it iget the error

    is any way to make it run or to remove and reinstall it
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please review the last couple of lines in /var/log/exim_mainlog or /var/log/exim_paniclog when Exim fails to restart. Do you notice any particular error messages?

    Thank you.
     
  12. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    This the result and last couple of lines in /var/log/exim_mainlog or /var/log/exim_paniclog

    /root$ tail -500 /var/log/exim_mainlog

    Code:
    2014-05-08 09:17:56 1WiIaZ-0005je-RW no immediate delivery: load average 25.77
    2014-05-08 09:17:56 cwd=/home/******/public_html/images 3 args: /usr/sbin/sendmail -oi -t
    2014-05-08 09:17:56 1WiIaZ-0005jn-TH <= ******@server.******.net U=****** P=local S=773 id=13e49bbd4f55ee976dac803f544276e4@www.******.net T="Confirm Receipt" for username @aol.com
    2014-05-08 09:17:56 1WiIaZ-0005jn-TH no immediate delivery: load average 25.77
    2014-05-08 09:17:56 cwd=/home/******/public_html/images 3 args: /usr/sbin/sendmail -oi -t
    2014-05-08 09:17:56 1WiIaa-0005kg-CU <= ******@server.******.net U=****** P=local S=4596 id=8bdd4afaa8424013763d0e8f99313943@www.******.net T="THE TRANSFER WILL BE DONE TODAY, IF WE HEAR FROM YOU." for username @aol.com
    2014-05-08 09:17:56 1WiIaa-0005kg-CU no immediate delivery: load average 25.77
    2014-05-08 09:17:56 cwd
    
    /root$ tail -500 /var/log/exim_paniclog
    Code:
    2014-05-08 09:17:03 1WiIZi-00047m-C1 User 0 set for local_delivery transport is on the never_users list
    2014-05-08 09:17:03 1WiIZj-0004AN-JH User 0 set for local_delivery transport is on the never_users list
    2014-05-08 09:17:13 1WiIZs-0004g8-LC User 0 set for local_delivery transport is on the never_users list
    2014-05-08 09:17:14 1WiIZs-0004gB-O5 User 0 set for local_delivery transport is on the never_users list
    2014-05-08 09:17:15 1WiIZt-0004iN-W4 User 0 set for local_delivery transport is on the never_users list
    
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  14. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    i check service as shown in this post
    https://forums.cpanel.net/f5/service-status-exim-failed-161202.html#post675258
    and it show that the service not run
    and try to update it using /scripts/eximup -- force
    but get the following error
    -bash: line 17: /scripts/eximup: No such file or directory

    is any way to uninstall it and reinstall it again
     
    #14 khalled, May 9, 2014
    Last edited: May 9, 2014
  15. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    i try some commands but not succesed i hope if ifound help in this proble
    some of commands i test
     
  16. khalled

    khalled Active Member

    Joined:
    Jan 8, 2011
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    thanks it run and i do the following if any suffer from that
    WHM»cPanel »Upgrade to Latest Version
    Upgrade to Latest Version

    check Force a reinstall even if the system is up to date. and Upgrade
     
  17. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Yes, an upgrade (upcp) can usually solve problems like what you were experiencing. Thanks for updating this thread.
     
Loading...

Share This Page