Where can I find IP logs?

[stantaylor]

AT&T blacklisted emails from us and I have successfully gotten them to unblock us. However, their message to me stated, "ADMINISTRATORS: Please thoroughly check your IP logs before requesting removal. You must determine that all traffic from the blocked IP is actually from your mail servers to ensure your network is not compromised." I have WHM access on my Bluehost site. I looked for IP logs, but could not find them. The only thing I really did was to delete the email account of one user who had an extremely high number of email messages.

I will greatly appreciate any help determining if our server has been compromised.

 

[cPanelMichael]

Hello

Email activity is logged to:

/var/log/exim_mainlog

The following document is a good place to start for preventing email abuse:

cPanel - Prevent Email Abuse

Thank you.

 

[stantaylor]

Thanks for the reply. I read the article, and most of the suggestions there were already implemented. I'm really new to WHM. Where do I find /var/log/exim_mainlog? I wonder if Bluehost gives me access to it.

 

[cPanelMichael]

You must access your server via SSH and you can review logs using typical linux commands such as "cat" or "tail". Note that you will likely have a difficult time on the command line without Linux experience.

Thank you.

 

[stantaylor]

You must access your server via SSH.. you will likely have a difficult time on the command line without Linux experience.

Thank you.

You're right. I looked at a how-to article, and it won't be worth my time right now. Thanks again for your time. Now I a little more informed than before.