The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Potential Spam Issue. Trying to Trace it.

Discussion in 'General Discussion' started by WestBend, Nov 7, 2006.

  1. WestBend

    WestBend Well-Known Member

    Joined:
    Oct 12, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    Getting 68 mb status files filled with the same thing


    2006-11-07 18:12:31 1GhakR-0005t0-KG failed to expand condition "${perl{checkspam}}" for lookuphost router: Domain xxxxxxxxxx.com has exceeded the max emails per hour. Message discarded.

    I am trying to figure out where this message would be located and how to track it. Can anyone help or can they point me to the exact location of the outgoing spool? I am using exim and mailscanner by chirpy.

    The counter seems incorrect. It looks like the account is spamming but I cant find anywhere that would be possible. I have not had any reports of spam sent to me.

    thanks!
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Make sure that /etc/exim.pl is not missing. Run
    /sbin/service MailScanner restart
    and then set eximmailtrap=0 in /var/cpanel/cpanel.config

    If that doesn't help,
    /scripts/eximup --force
     
  3. WestBend

    WestBend Well-Known Member

    Joined:
    Oct 12, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    thanks Andy,
    This I found the script that was doing something funky.

    What is eximmailtrap=0?

    i do have a eximmailtrap file but its blank in /etc
    thanks!
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Those have nothing to do with the OP's problem and ding them won't help at all in this situation.

    WestBend, glad you found the culprit. In future, if you haven't already, it's best to make sure you have extended exim logging enabled with the following inthe first textarea in the advanced mode Exim Configuration Editor:

    log_selector = +subject +arguments

    In future, you'll see a line with cwd=/home/username/blah... that will help identify from which directory the offending script is being run from to help you track it down.
     
  5. WestBend

    WestBend Well-Known Member

    Joined:
    Oct 12, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    thanks Chirpy! that is a fantastic little piece of code.
    btw you installed the MailScanner! lol
     
Loading...

Share This Page