[CPANEL-20345] eximstats_spam_check cron job always sends root notification

Comments

14 comments

  • 63bus
    Yes, disabling the above turned off one message but I'm getting the email below all the time since my site sends out tons of legitimate email.

        warn [eximstats_spam_check] The system has detected an unusually large amount of outbound email. The following sender(s) may be sending spam:
    0
  • cPanelMichael
    Hello @63bus and @swbrains, There's an internal case (CPANEL-20345) open to address an issue where the server's root contact email address receives a notification from crond when eximstats_spam_check runs as part of the following root cron job:

        5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1

    This is independent of the Large Amount of Outbound Email Detected notification type. It's tentatively planned for inclusion with cPanel & WHM version 74. In the meantime, one workaround is to set up an email filter for the email account that receives root notifications with a rule that deletes emails matching the contents of the subject or message body. Then, once the case is published, remove the email filter. Thank you. Edit: CPANEL-20345 is now scheduled for inclusion with cPanel & WHM version 74.
    0
  • swbrains
    Thanks. Did this change recently? I checked my trash (where these are being filtered) and these notifications only started as of 3/29/2018. Oh great. I just mistyped crontab -r instead of crontab -e and deleted my crontab file. Now I have bigger problems. Why does crontab -r NOT prompt for confirmation, especially since the E and R keys are right next to each other on the keyboard? Any ideas how to locate a backup of this file or regenerate a default crontab file?
    0
  • rclemings
    Try /var/spool/cron/root for the default.
    0
  • cPanelMichael
    Thanks. Did this change recently? I checked my trash (where these are being filtered) and these notifications only started as of 3/29/2018.

    Yes, the following case was included in the most recent cPanel & WHM version 68 build: Fixed case CPANEL-19455: New crontab breaking update on upgrade. This added the cron job on systems where it was missing.
    Any ideas how to locate a backup of this file or regenerate a default crontab file?

    Here's the default root crontab for cPanel & WHM version 68:

        0 6 * * * /usr/local/cpanel/scripts/exim_tidydb > /dev/null 2>&1
        30 5 * * * /usr/local/cpanel/scripts/optimize_eximstats > /dev/null 2>&1
        @reboot /usr/local/cpanel/bin/onboot_handler
        26 22 * * * /usr/local/cpanel/whostmgr/docroot/cgi/cpaddons_report.pl --notify
        12 3 * * * /usr/local/cpanel/scripts/upcp --cron
        0 1 * * * /usr/local/cpanel/scripts/cpbackup
        0 2 * * * /usr/local/cpanel/bin/backup
        35 * * * * /usr/bin/test -x /usr/local/cpanel/bin/tail-check && /usr/local/cpanel/bin/tail-check
        5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1
        45 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_mailman_cache && /usr/local/cpanel/scripts/update_mailman_cache
        30 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_db_cache && /usr/local/cpanel/scripts/update_db_cache
        30 */2 * * * /usr/local/cpanel/bin/mysqluserstore >/dev/null 2>&1
        15 */2 * * * /usr/local/cpanel/bin/dbindex >/dev/null 2>&1
        15 */6 * * * /usr/local/cpanel/scripts/autorepair recoverymgmt >/dev/null 2>&1
        */5 * * * * /usr/local/cpanel/scripts/dcpumon-wrapper >/dev/null 2>&1
        09,39 * * * * /usr/local/cpanel/scripts/clean_user_php_sessions > /dev/null 2>&1
        8,23,38,53 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1

    Thank you.
    0
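
After an accidental crontab -r, one way to confirm that a rebuilt root crontab still carries the jobs from the default list above, including the spam check, is to compare the two files by command. This is an added example, not part of the original thread and not cPanel's own tooling; the function names (normalize, check_crontab, demo) and the sample files are made up here.

```shell
#!/bin/sh
# Added example. normalize FILE: print "command<TAB>schedule" for each job,
# skipping comments, blank lines and VAR=value lines, and squeezing whitespace.
normalize() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }
        {
            n = ($1 ~ /^@/) ? 1 : 5        # "@reboot" or five time fields
            sched = $1; for (i = 2; i <= n; i++) sched = sched " " $i
            cmd = $(n + 1); for (i = n + 2; i <= NF; i++) cmd = cmd " " $i
            gsub(/> +/, ">", cmd)          # "> /dev/null" equals ">/dev/null"
            print cmd "\t" sched
        }' "$1"
}

# check_crontab DEFAULT CURRENT: list default jobs that are missing or have a
# different schedule in CURRENT. Returns 0 when nothing differs, 1 otherwise.
check_crontab() {
    def=$(mktemp) && cur=$(mktemp) || return 2
    normalize "$1" > "$def"; normalize "$2" > "$cur"
    rc=0
    # FILENAME test (not NR == FNR) so an empty CURRENT file is handled.
    awk -F '\t' '
        FILENAME == ARGV[1] { have[$1] = $2; next }
        !($1 in have)  { print "MISSING  " $1; bad = 1; next }
        have[$1] != $2 { print "SCHEDULE " $1 " (default: " $2 ", current: " have[$1] ")"; bad = 1 }
        END { exit bad + 0 }' "$cur" "$def" || rc=$?
    rm -f "$def" "$cur"; return "$rc"
}

# Constructed sample: three jobs from the default list, and a current crontab
# where the spam check is gone and upcp was rescheduled.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/default" <<'EOF'
12 3 * * * /usr/local/cpanel/scripts/upcp --cron
5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1
30 */2 * * * /usr/local/cpanel/bin/mysqluserstore >/dev/null 2>&1
EOF
    cat > "$d/current" <<'EOF'
MAILTO=root
12 4 * * * /usr/local/cpanel/scripts/upcp --cron
30 */2 * * *  /usr/local/cpanel/bin/mysqluserstore > /dev/null 2>&1
EOF
    drc=0; check_crontab "$d/default" "$d/current" || drc=$?
    rm -rf "$d"; return "$drc"
}
demo || echo "crontab differs from the default list"
```

On a live server the second argument would be a file written with crontab -l, and the first a saved copy of the default list for the installed version.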
  • dfkern
    Ideally, there would be a setting that would set the warning, > X where x is some adjustable limit.
    0
  • cPanelMichael
    > X where x is some adjustable limit.

    Hello @dfkern, We plan to expand upon this feature in cPanel & WHM version 72 by adding the "Number of unique recipients per hour to trigger potential spammer notification" option in the Mail tab of WHM >> Home >> Server Configuration >> Tweak Settings. This setting will allow you to specify the number of emails that any account may send in one hour before the system sends an alert notification. Thank you.
    0
  • rclemings
    [moved to ]
    0
  • cPanelMichael
    Hi @rclemings, Your post was moved to the following thread: Thank you.
    0
  • petersphilo
    In the meantime, one workaround to disable these notifications would be to modify this root cron job with the "crontab -e" command so that it's configured to only run once per year.

    Sorry for reviving this thread. One of the servers I manage is running WHM 70.x, and sends somewhat large mailers a couple of times a week, so this notification is driving me bonkers... If I simply remove the line below from the root cron file, will it be re-added by the updater once the server is updated to v72.x (where it is allegedly fixed)?

        5,20,35,50 * * * * /usr/local/cpanel/scripts/eximstats_spam_check 2>&1

    Also, does this command perform other kinds of checks? If so, I don't want to give up any chance of catching illicit spam behavior. Thank you!
    0
  • cPanelMichael
    Hello @petersphilo, Can you verify that Large Amount of Outbound Email Detected is set to Disabled under the Notifications tab in WHM >> Contact Manager? That's the supported method of disabling the notification. The issue referenced on this thread (CPANEL-19455) isn't regarding the notification itself, but instead relates to the eximstats_spam_check cron job using the warning output instead of the info output. Rather than modifying the cron job itself, a better approach is to simply set up a temporary email filter that deletes this particular email for your email account that receives root notifications. Then, once the case is published, remove the email filter. I've modified the earlier post to reflect this workaround instead of the cron job modification steps. Thank you.
    0
  • JanKrohn
    Now that version 72 is released, I've not noticed any changes. I've done the configuration both in Contact Manager as well as Tweak Settings, but still receive the messages.
    0
  • cPanelMichael
    Hello @JanKrohn, A request to backport internal case CPANEL-20345 into cPanel & WHM version 72 is still open at this time, but at the moment it's currently scheduled for inclusion with cPanel & WHM version 74. I've modified the earlier response to reflect this, and I'll update this thread again if that changes. In the meantime, the recommended workaround is to set up an email filter for the email account that receives root notifications with a rule that deletes emails matching the contents of the subject or message body. Then, once the case is published, remove the email filter. Thank you.
    0
  • cPanelMichael
    Hello, To update, this case is included with cPanel & WHM version 74: Fixed case CPANEL-20345: Changed eximstats_spam_check main output to info. Version 74 is now available on the RELEASE tier. You can read more about it at:
    0