Symptoms
System notifications report "The system has detected an unusually large amount of outbound email."
Description
A system email is received reporting that a user on the server has sent an unusually large number of outbound emails. The email will resemble:
The system has detected an unusually large amount of outbound email.
It is possible that the following email address has been sending spam from your server:
user@domain.tld
The system detected that this email account sent messages to a large number of distinct recipients in an hour.
The system holds outbound emails from this email account because you configured the system to automatically hold email from accounts that it detects as potential spammers.
Workaround
You may use the following command to confirm mail is originating from the referenced user:
grep EMAILADDRESS /var/log/exim_mainlog | grep DATE | wc -l
Please note, you need to replace the values EMAILADDRESS & DATE with the relevant user and date.
These emails are often generated by a user script, which may be found with the following command:
grep -o 'cwd=/home/USERNAME[^ ]*' /var/log/exim_mainlog | sort | uniq -c | sort -n
Please note, you need to replace USERNAME with the actual cPanel user.
The results of this will need to be evaluated by a systems administrator in order to ascertain if the mailings are legitimate.
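The notification is based on distinct recipients per hour, which the commands above do not measure directly. The shell functions below are an added example, not part of the original article or of cPanel's tooling: they count distinct recipients per hour for one sender from the `<=` arrival lines in the Exim log, assuming those lines end with a `for` recipient list (Exim's `received_recipients` log selector). The function names, the LIMIT argument and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: distinct recipients per hour for one sender, read from the
# "<=" arrival lines of an Exim main log. Assumes those lines end with
# "for <recipients>" (Exim's received_recipients log selector).

# recipients_per_hour LOGFILE SENDER
# Prints "YYYY-MM-DD HH <distinct recipients> <messages>", one line per hour.
recipients_per_hour() {
    awk -v sender="$2" '
    {
        # "<=" is field 4, or field 5 when the log also records a [pid].
        p = ($4 == "<=") ? 4 : (($5 == "<=") ? 5 : 0)
        if (!p || tolower($(p + 1)) != tolower(sender)) next
        hour = $1 " " substr($2, 1, 2)
        msgs[hour]++
        # A subject may contain the word "for" too, so use the last "for" token.
        start = 0
        for (i = p + 2; i <= NF; i++) if ($i == "for") start = i + 1
        if (!start) next
        for (i = start; i <= NF; i++) {
            if ($i !~ /@/) continue
            key = hour SUBSEP tolower($i)
            if (!(key in seen)) { seen[key] = 1; rcpts[hour]++ }
        }
    }
    END { for (h in msgs) print h, rcpts[h] + 0, msgs[h] }
    ' "$1" | sort
}

# hours_over_limit LOGFILE SENDER LIMIT
# Prints the hours in which SENDER addressed more than LIMIT distinct recipients.
hours_over_limit() {
    recipients_per_hour "$1" "$2" | awk -v limit="$3" '$3 > limit { print $1, $2 }'
}

# Constructed sample log lines (not real traffic).
sample_log() {
    cat <<'EOF'
2024-03-01 10:05:11 1rfAAA-0000aa-01 <= user@domain.tld U=username P=local S=812 T="Hello" for a@example.com b@example.com
2024-03-01 10:17:42 1rfAAB-0000ab-02 <= user@domain.tld U=username P=local S=815 T="Offer for you" for B@example.com c@example.com
2024-03-01 10:20:00 1rfAAC-0000ac-03 <= other@domain.tld U=username P=local S=640 T="Invoice" for z@example.com
2024-03-01 10:21:09 cwd=/home/username/public_html 3 args: /usr/sbin/sendmail -t -i
2024-03-01 11:02:30 1rfAAD-0000ad-04 <= user@domain.tld U=username P=local S=790 T="Hello" for a@example.com
EOF
}

demo_log=$(mktemp) && sample_log > "$demo_log"
recipients_per_hour "$demo_log" user@domain.tld
rm -f "$demo_log"
```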