unordinary amount of emails from our email server

stingray34

Member
Sep 6, 2013
19
0
1
cPanel Access Level
Root Administrator
Hi,
I am brand new to cPanel and need help.
Seems like our email server was used to relay spam mails in the past few days. I enabled "SMTP restrictions", and I don't see any email sent from our email server any more except our legitimate users.

However, it shows an unordinary amount of email under "View Relayers" while "Detailed Report" shows just a small amount.

Also, SenderBase shows a big amount of emails.
We are not on any major blacklists.

My questions are:
1. What am I missing? Why does it show a lot of emails sent?
2. Is there any site to check if my domain is on Google's spam list or bulk email sender list?

Please advise.
 

ES - George

Well-Known Member
PartnerNOC
Jun 12, 2011
179
24
68
UK
cPanel Access Level
DataCenter Provider

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello :)

I recommend checking your mail queue, and also checking the following log file:

Code:
/var/log/exim_mainlog
You should be able to tell if SPAM is being sent out based on the activity in the exim_mainlog file.

Thank you.
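One way to read the activity in exim_mainlog as suggested above (an added example, not part of the original thread or cPanel's own tooling): the functions count accepted messages per authenticated SMTP login and per script working directory. The sample lines are constructed, and the default Exim main log layout with `A=driver:login` and `cwd=` fields is assumed.

```shell
#!/bin/sh
# Added example. Usage as root: sh thisfile /var/log/exim_mainlog

# Accepted messages ("<=" lines) per authenticated login (A=driver:login).
# One login far above the rest suggests a stolen mailbox password.
top_auth_senders() {
    awk '/ <= / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^A=[^:]+:/) { u = $i; sub(/^A=[^:]+:/, "", u); n[u]++ }
         }
         END { for (u in n) print n[u], u }' "$1" | sort -k1,1nr -k2
}

# Local submissions per working directory ("cwd=" lines). A web directory
# with a high count points at a script injecting mail; spool dirs are skipped.
top_script_dirs() {
    awk '{
            for (i = 1; i <= NF; i++)
                if ($i ~ /^cwd=\// && $i !~ /^cwd=\/var\/spool/) {
                    d = $i; sub(/^cwd=/, "", d); n[d]++
                }
         }
         END { for (d in n) print n[d], d }' "$1" | sort -k1,1nr -k2
}

# Constructed sample lines in exim_mainlog layout (not taken from the thread).
sample_log() {
cat <<'EOF'
2013-09-06 10:15:01 1VKaaa-0001Ab-2C <= alice@example.com H=(pc1) [203.0.113.5] P=esmtpa A=dovecot_login:alice@example.com S=1834
2013-09-06 10:15:02 1VKaaa-0001Ab-2C => carol@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.7]
2013-09-06 10:15:03 1VKaab-0001Ac-3D <= alice@example.com H=(pc1) [203.0.113.5] P=esmtpa A=dovecot_login:alice@example.com S=1790
2013-09-06 10:15:04 1VKaac-0001Ad-4E <= alice@example.com H=(pc1) [203.0.113.5] P=esmtpa A=dovecot_login:alice@example.com S=1802
2013-09-06 10:15:09 1VKaad-0001Ae-5F <= bob@example.com H=(pc2) [203.0.113.9] P=esmtpa A=dovecot_plain:bob@example.com S=2210
2013-09-06 10:16:00 cwd=/home/site1/public_html/forms 3 args: /usr/sbin/sendmail -t -i
2013-09-06 10:16:02 cwd=/home/site1/public_html/forms 3 args: /usr/sbin/sendmail -t -i
2013-09-06 10:16:05 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1VKaaa-0001Ab-2C
EOF
}

# Run against a real log when a path is given on the command line.
if [ -n "${1:-}" ]; then
    echo "Authenticated senders:"; top_auth_senders "$1"
    echo "Script directories:";    top_script_dirs "$1"
fi
```
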
 

stingray34

Thank you for the links.
When spammers use our mail server for spamming, it does not show in the list from cPanel. Is there any way to see every email sent?

In "How to Prevent Email Abuse"
Step 1 (enabling SMTP Restrictions), and Step 2 (preventing nobody system user) were already in place.
Not sure about Step 3 (suPHP and suExec or mod_ruid2). It shows PHP Handler dso, suEXEC is on.

Step 4 (Max hourly emails setting) - How does this work?
You don't know when spammers attack you, and if you set it, no one in the domain will be able to send any mails once it goes above the threshold.

Is there any way to allow emails to be sent only with authentication with a password? (Our users use Outlook 2010)

Lastly, which upgrading and updating is important? For Windows systems, security patches are installed monthly, but as for CentOS and cPanel/WHM, which needs to be always up to date?

Thank you!
 

stingray34

cPanelMichael,

I am so sorry, I don't even know how to access a console on a remote server. Is it time for me to learn SSH? Or is there any way to do so from cPanel/WHM?

Thanks.
 

cPanelMichael

> I am so sorry, I don't even know how to access a console on a remote server. Is it time for me to learn SSH? Or is there any way to do so from cPanel/WHM?

Yes, SSH is required in order for you to review the Exim logs directly. You may want to consult with a qualified system administrator if you are not comfortable using SSH.

Thank you.
 

stingray34

cPanelMichael,

Thank you very much for your response. I will look into SSH.

By the way, how can I make the mail server secure enough to stop this?
Is there a way to run a virus check on the system?

I am so lost.
 

24x7server

Well-Known Member
Apr 17, 2013
1,896
91
78
India
cPanel Access Level
Root Administrator
Hello,

Maybe you are logged in to your server through a wheel user and due to that you are getting "permission denied" messages. Try to switch your user through the "su -" command and enter your root password and then check your exim_mainlog file.
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
> I found exim_mainlog via SSH connection, but how can I open it? "cat exim_mainlog" gets "permission denied".

There are other ways to view that log.

If you've got CSF installed there's a log viewer built in:
ConfigServer Security and Firewall | cPanel App Catalog

Or you might like this log viewer, called logview:
Logview – LogView – Slick UI for Ease of Use | cPanel App Catalog

Both are far easier for a user not used to working via shell to take a closer look at logs quickly.

HTH!
 

stingray34

24x7server,
I am truly sorry that I did not respond right away.
Yes, changing the user from admin to su - gave me the access. I did not know how to give an FTP account access to var/tmp/log, so I simply had to move the log file. However my limited knowledge did not let me dissect the log... But thank you so much!!!

Infopro,
Thank you for your suggestions. Again, I truly apologize for the late reply.
Maybe when I gain more knowledge, then I can install programs, or run a script. What I am afraid of is that I cannot revert it. If it is through cPanel, then I would feel a little more comfortable.

But it's great to know that there are options for log files.