The Community Forums

Interact with an entire community of cPanel & WHM users!

unordinary amount of emails from our email server

Discussion in 'Security' started by stingray34, Sep 6, 2013.

  1. stingray34

    stingray34 Member

    Joined:
    Sep 6, 2013
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,
    I am brand new to cPanel and need help.
    Seems like our email server was used to relay spam mails in the past few days. I enabled "SMTP restrictions", and I don't see any email sent from our email server any more except our legitimate users.

    However, it shows an unordinary amount of email under "View Relayers", while "Detailed Report" shows just a little amount.

    Also, SenderBase shows a big amount of emails.
    We are not on any major blacklists.

    My questions are:
    1. What am I missing? Why does it show a lot of emails sent?
    2. Is there any site to check if my domain is on Google's spam list or bulk email sender list?

    Please advise.
     
  2. ES - George

    ES - George Well-Known Member
    PartnerNOC

    Joined:
    Jun 12, 2011
    Messages:
    142
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    UK
    cPanel Access Level:
    Root Administrator
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I recommend checking your mail queue, and also checking the following log file:

    Code:
    /var/log/exim_mainlog
    You should be able to tell if SPAM is being sent out based on the activity in the exim_mainlog file.

    Thank you.
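
Added example, not part of any post in this thread: shell functions for the kind of exim_mainlog review suggested above, counting accepted messages per hour and authenticated login, and local sendmail submissions per script working directory. The log lines are constructed samples with placeholder addresses, the function names are hypothetical, and the `cwd=` lines assume Exim's `arguments` log selector is enabled.

```bash
#!/bin/sh
# Added example (not from the thread): summarise outbound activity in an Exim main log.

# Constructed sample lines; addresses, hosts and message IDs are placeholders.
sample_log() {
cat <<'EOF'
2013-09-06 10:15:01 1VHaaa-0001Xy-Ab <= alice@example.com H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:alice@example.com S=2301
2013-09-06 10:15:02 1VHaaa-0001Xy-Ab => bob@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.5]
2013-09-06 10:16:10 cwd=/home/site1/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2013-09-06 10:16:10 1VHaab-0001Xz-Cd <= site1@server.example.com U=site1 P=local S=812
2013-09-06 10:16:11 cwd=/home/site1/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2013-09-06 10:16:11 1VHaac-0001Y0-Ef <= site1@server.example.com U=site1 P=local S=815
2013-09-06 10:16:12 1VHaad-0001Y1-Gh <= carol@example.com H=(laptop) [203.0.113.7] P=esmtpa A=dovecot_login:carol@example.com S=990
2013-09-06 10:16:13 1VHaae-0001Y2-Ij <= carol@example.com H=(laptop) [203.0.113.7] P=esmtpa A=dovecot_login:carol@example.com S=991
2013-09-06 10:16:14 1VHaaf-0001Y3-Kl <= carol@example.com H=(laptop) [203.0.113.7] P=esmtpa A=dovecot_login:carol@example.com S=989
EOF
}

# Accepted messages ("<=") per hour and SMTP-authenticated login (A=method:login).
hourly_by_login() {
  awk '$4 == "<=" {
         for (i = 5; i <= NF; i++) if ($i ~ /^A=/) {
           a = $i; sub(/^A=[^:]*:/, "", a)
           n[$1 " " substr($2, 1, 2) ":00 " a]++
         }
       }
       END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2
}

# Local sendmail submissions per working directory (needs the "arguments" log selector).
script_dirs() {
  awk '$3 ~ /^cwd=/ && /sendmail/ { d = $3; sub(/^cwd=/, "", d); n[d]++ }
       END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2
}

# On the server (as root): hourly_by_login /var/log/exim_mainlog | head
# With no file argument the functions read stdin, e.g. the constructed sample:
sample_log | hourly_by_login
sample_log | script_dirs
```

A login or directory whose count is far above the others in the same hour is the place to start: reset that mailbox password or inspect the scripts in that directory.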
     
  4. stingray34

    stingray34 Member

    Thank you for the links.
    When spammers use our mail server for spamming, it does not show in the list from cPanel. Is there any way to see every email sent?

    In "How to Prevent Email Abuse"
    Step 1 (enabling SMTP Restrictions), and Step 2 (preventing nobody system user) were already in place.
    Not sure about Step 3 (suPHP and suExec or mod_ruid2). It shows PHP Handler dso, suEXEC is on.

    Step 4 (Max hourly emails setting) - How does this work?
    You don't know when spammers attack you, and if you set it, no one in the domain will be able to send any mails once it goes above the threshold.

    Is there any way to allow emails to be sent only with authentication with password? (Our users use Outlook 2010.)

    Lastly, which upgrading and updating is important? For Windows systems, security patches are monthly installed, but as for CentOS and cPanel/WHM, which needs to be always up to date?

    Thank you!
     
  5. stingray34

    stingray34 Member

    cPanelMichael,

    I am so sorry, I don't even know how to access a console on a remote server. Is it time for me to learn SSH? Or is there any way to do so from cPanel/WHM?

    Thanks.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, SSH is required in order for you to review the Exim logs directly. You may want to consult with a qualified system administrator if you are not comfortable using SSH.

    Thank you.
     
  7. stingray34

    stingray34 Member

    cPanelMichael,

    Thank you very much for your response. I will look into SSH.

    By the way, how can I make the mail server secure enough to stop this?
    Is there a way to run a virus check on the system?

    I am so lost.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    The following document is useful for information on preventing email abuse:

    cPanel - Prevent Email Abuse

    Thank you.
     
  9. stingray34

    stingray34 Member

    I found exim_mainlog via SSH connection, but how can I open it? "cat exim_mainlog" gets "permission denied".
     
  10. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    Maybe you are logged in to your server as a wheel user, and due to that you are getting "permission denied" messages. Try to switch your user with the "su -" command, enter your root password, and then check your exim_mainlog file.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    There are other ways to view that log.

    If you've got CSF installed there's a log viewer built in:
    ConfigServer Security and Firewall | cPanel App Catalog

    Or you might like this log viewer, called logview:
    Logview – LogView – Slick UI for Ease of Use | cPanel App Catalog

    Both are far easier for a user not used to working via shell to take a closer look at logs quickly.

    HTH!
     
  12. stingray34

    stingray34 Member

    24x7server,
    I am truly sorry that I did not respond right away.
    Yes, changing the user from admin to su - gave me the access. I did not know how to give an FTP account access to var/tmp/log, so I simply had to move the log file. However, my limited knowledge did not let me dissect the log... But thank you so much!!!

    Infopro,
    Thank you for your suggestions. Again, I truly apologize for the late reply.
    Maybe when I gain more knowledge, then I can install programs, or run a script. What I am afraid of is that I cannot revert it. If it is through cPanel, then I would feel a little more comfortable.

    But it's great to know that there are options for log files.
     
