Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Understanding "-remote- sender"

Discussion in 'E-mail Discussion' started by driansmith, Jul 19, 2018.

  1. driansmith

    driansmith Active Member

    Joined:
    Mar 12, 2008
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Bournemouth
    cPanel Access Level:
    Root Administrator
    I seem to have a massive number of failed and deferred emails in my "Email »View Sent Summary".
    Is there somewhere I can understand exactly what account/process is producing these spam emails? Currently running at 1000 emails per day.

    Apologies if the question is a little basic.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 driansmith, Jul 19, 2018
    Last edited by a moderator: Jul 19, 2018
  2. driansmith

    driansmith Active Member

    Joined:
    Mar 12, 2008
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Bournemouth
    cPanel Access Level:
    Root Administrator
    Perhaps these images help?
    Thanks
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,230
    Likes Received:
    161
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    HI @driansmith

    In most cases behavior like this results from a script on the server being compromised. Can you run the following over SSH on your server:

    Code:
    awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
    
    It should print the directories which the mail is originating from
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice