Symptoms
System notifications report "The system has detected an unusually large amount of outbound email".
Cause
A system email is received detailing that a large number of outbound emails have been detected by a user on the server. The email will resemble:
CONFIG_TEXT: The system has detected an unusually large amount of outbound email.
It is possible that the following email address has been sending spam from your server:
user@domain.tld
The system detected that this email account sent messages to a large number=
of distinct recipients in an hour.
The system holds outbound emails from this email account because you config=
ured the system to automatically hold email from accounts that it detects a=
s potential spammers.
Resolution
You may use the following command to confirm that mail is originating from the referenced user:
# grep EMAILADDRESS /var/log/exim_mainlog | grep DATE |wc -l
Note: You need to replace the values "EMAILADDRESS" and "DATE" with the relevant email address and date in the above command.
These emails are often generated by a user script, which may be found with the following command:
# grep 'cwd=/home/USERNAME' /var/log/exim_mainlog | sort | uniq -c | sort -n
Note: You need to replace "USERNAME" with the actual cPanel username.
The results of this will need to be evaluated by a systems administrator in order to ascertain if the mailings are legitimate.
Comments
0 comments
Article is closed for comments.