Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Status check triggers false LFD alerts

Discussion in 'Security' started by Daniel Yi, Nov 7, 2017.

  1. Daniel Yi

    Daniel Yi Registered

    Joined:
    Nov 7, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New York
    cPanel Access Level:
    Root Administrator
    Hello.

    I'm receiving this alert email every 10 minutes. Seems whenever 1H software checks the status of exim, it logs it. Can't seem to find any evidence of actual emails being sent. After exhaustive searching, can't seem to find anything related to LFD and 1H.

    Would appreciate some help.


    Code:
    Time: Tue Nov 7 14:20:36 2017 -0600
    Path: '/home/1h'
    Count: 101 emails sent
    
    Sample of the first 10 emails:
    
    2017-11-07 14:10:36 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:10:42 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:10:48 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:10:54 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:11:00 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:11:06 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:11:12 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:11:18 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:11:24 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    2017-11-07 14:11:30 cwd=/home/1h 2 args: /usr/sbin/exim -bpc
    
    
    Possible Scripts:
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Have you tried searching for the message subject? EX:

    Code:
    exigrep subject /var/log/exim_mainlog
    Thank you.
     
  3. Daniel Yi

    Daniel Yi Registered

    Joined:
    Nov 7, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New York
    cPanel Access Level:
    Root Administrator
    No emails sent. It seems that whenever 1H checks the status of exim, LFD thinks it's sending an email.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page