Potential Spam Issue. Trying to Trace it.

W

WestBend

Well-Known Member
Oct 12, 2003
173
0
166
Getting 68 mb status files filled with the same thing


2006-11-07 18:12:31 1GhakR-0005t0-KG failed to expand condition "${perl{checkspam}}" for lookuphost router: Domain xxxxxxxxxx.com has exceeded the max emails per hour. Message discarded.

I am trying to figure out where this message would be located and how to track it. Can anyone help or can they point me to the exact location of the outgoing spool? I am using exim and mailscanner by chirpy.

The counter seems incorrect. It looks like the account is spamming but I cant find anywhere that would be possible. I have not had any reports of spam sent to me.

thanks!
 
AndyReed

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
WestBend said:
2006-11-07 18:12:31 1GhakR-0005t0-KG failed to expand condition "${perl{checkspam}}" for lookuphost router: Domain xxxxxxxxxx.com has exceeded the max emails per hour. Message discarded.
Click to expand...
Make sure that /etc/exim.pl is not missing. Run
/sbin/service MailScanner restart
and then set eximmailtrap=0 in /var/cpanel/cpanel.config

If that doesn't help,
/scripts/eximup --force
 
W

WestBend

Well-Known Member
Oct 12, 2003
173
0
166
thanks Andy,
This I found the script that was doing something funky.

What is eximmailtrap=0?

i do have a eximmailtrap file but its blank in /etc
thanks!
 
chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
AndyReed said:
Make sure that /etc/exim.pl is not missing. Run
/sbin/service MailScanner restart
and then set eximmailtrap=0 in /var/cpanel/cpanel.config

If that doesn't help,
/scripts/eximup --force
Click to expand...
Those have nothing to do with the OP's problem and ding them won't help at all in this situation.

WestBend, glad you found the culprit. In future, if you haven't already, it's best to make sure you have extended exim logging enabled with the following inthe first textarea in the advanced mode Exim Configuration Editor:

log_selector = +subject +arguments

In future, you'll see a line with cwd=/home/username/blah... that will help identify from which directory the offending script is being run from to help you track it down.
 
W

WestBend

Well-Known Member
Oct 12, 2003
173
0
166
thanks Chirpy! that is a fantastic little piece of code.
btw you installed the MailScanner! lol
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C Take away domain and/or users from "Number of unique recipients per hour to trigger potential spammer notification." Email 3
davetanguay Select the action for the system to take on an email account when it detects a potential spammer Email 5
K cPanel 74 - Potential spammer feature limited Email 3
Nile Youth SOLVED Message was blocked because its content presents a potential security issue Email 12
T SpamCop.net & potentially executable attachment... Email 0
Similar threads
Take away domain and/or users from "Number of unique recipients per hour to trigger potential spammer notification."
Select the action for the system to take on an email account when it detects a potential spammer
cPanel 74 - Potential spammer feature limited
SOLVED Message was blocked because its content presents a potential security issue
SpamCop.net & potentially executable attachment...
Top Bottom