Potential Spam Issue. Trying to Trace it.

WestBend

Well-Known Member
Oct 12, 2003
173
0
166
Getting 68 mb status files filled with the same thing


2006-11-07 18:12:31 1GhakR-0005t0-KG failed to expand condition "${perl{checkspam}}" for lookuphost router: Domain xxxxxxxxxx.com has exceeded the max emails per hour. Message discarded.

I am trying to figure out where this message would be located and how to track it. Can anyone help or can they point me to the exact location of the outgoing spool? I am using exim and mailscanner by chirpy.

The counter seems incorrect. It looks like the account is spamming but I cant find anywhere that would be possible. I have not had any reports of spam sent to me.

thanks!
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
2006-11-07 18:12:31 1GhakR-0005t0-KG failed to expand condition "${perl{checkspam}}" for lookuphost router: Domain xxxxxxxxxx.com has exceeded the max emails per hour. Message discarded.
Make sure that /etc/exim.pl is not missing. Run
/sbin/service MailScanner restart
and then set eximmailtrap=0 in /var/cpanel/cpanel.config

If that doesn't help,
/scripts/eximup --force
 

WestBend

Well-Known Member
Oct 12, 2003
173
0
166
thanks Andy,
This I found the script that was doing something funky.

What is eximmailtrap=0?

i do have a eximmailtrap file but its blank in /etc
thanks!
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
Make sure that /etc/exim.pl is not missing. Run
/sbin/service MailScanner restart
and then set eximmailtrap=0 in /var/cpanel/cpanel.config

If that doesn't help,
/scripts/eximup --force
Those have nothing to do with the OP's problem and ding them won't help at all in this situation.

WestBend, glad you found the culprit. In future, if you haven't already, it's best to make sure you have extended exim logging enabled with the following inthe first textarea in the advanced mode Exim Configuration Editor:

log_selector = +subject +arguments

In future, you'll see a line with cwd=/home/username/blah... that will help identify from which directory the offending script is being run from to help you track it down.
 

WestBend

Well-Known Member
Oct 12, 2003
173
0
166
thanks Chirpy! that is a fantastic little piece of code.
btw you installed the MailScanner! lol