The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Quantity of emails sent shoot up once a week.

Discussion in 'E-mail Discussions' started by SuperBaby, Dec 26, 2008.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I use dyndns.com's smtp to send out all emails to Yahoo email addresses. From the statistic report under dyndns.com, I can see that the emails sent to Yahoo email addresses are usually less than 50 emails per day. But once a week, the emails sent will shoot up to more than 300.

    I have many accounts in my server. I cannot possibly look into the crontab of all accounts. Is there a way for me to find out who is sending out bulk mails? Is there a way to check from /var/log/exim_mainlog?

    How can I stop this?
     
  2. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    tail the exim log using 'tail -f /var/log/exim_mainlog' for sometime and notice any scripts usually with the format "cwd=/home/username/public_html" or alternately, you can try this.

    grep "cwd=/home/" /var/log/exim_mainlog

    This will give you the usernames that are generating mails through scripts.
     
  3. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Thank you for your advice. I tried grep "cwd=/home/" /var/log/exim_mainlog but I don't think the emails were sent by scripts. This is because I only get a few lines of result running this command. Any other thing I can try. Thanks again.
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    The only way for something to send messages and not have them appear in exim_mainlog is for them to be sent direct via port 25. Either cpanel or CSF have the ability to block direct port 25 outgoing email and your should ensure that it is ALWAYS blocked (as you can't log it, and spammers love to use this bypass).

    You should be grepping exim_mainlog for something like:

    Code:
    grep '=>.*@yahoo.com' exim_mainlog
    which will tell you what emails are being sent to yahoo. Replace "grep" with "exigrep" to see the entire log message for each message.
     
  5. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    To BRIANOZ,

    My CFS currently has this setting. Is that correct?

     
  6. dave6166

    dave6166 Registered

    Joined:
    Jan 31, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    tail the exim log using 'tail -f /var/log/exim_mainlog' for sometime and notice any scripts usually with the format "cwd=/home/username/public_html
     
  7. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Looks correct to me; I'm not a CSF guru though (it's CSF not CFS!).
     
Loading...

Share This Page