cPanel account receiving login notifications
Hello,
A client of ours is receiving some notifications about logins:
I've looked in the Contact Information section in their cPanel, but the contact addresses do not match the email address that is receiving these notifications. For example, the email account that is receiving the notifications is "contact@my-domain.tld", but in the cPanel -> Contact Information section there are 2 other email accounts, "office@another-domain.tld" and "someuser@gmail.com".
How can these notifications be disabled? Is this a cPanel account setting or some specific webmail configuration (roundcube, horde, etc.)?
Let me know if you need any other info.
Thank you.
Successful Login as "contact@my-domain.tld" from a Known Network
Domain: my-domain.tld
Service: dovecot
Local IP Address: 172.23.23.23
Local Port: 993
Remote IP Address: 222.222.222.222
Remote Port: 6601
Authentication Database: mail
Username: contact@my-domain.tld
Known Network: Yes
Does this user also have WHM access? If so, the email alert setting for this domain will be set up in his WHM and not cPanel. I am just trying to confirm if he has WHM as well.
Hello, No, the user isn't a reseller so it doesn't have access to WHM. It's a simple cPanel account. Thank you.
Hi @Havri Does the user have any forwarders on the account? If the mail is sent to a different email address than what's on file that would be the only explanation that I can think of. If you're able to access the server via SSH the email transaction details at /var/log/exim_mainlog would be extremely useful in explaining what occurred as well. Thanks!
Hello, The account does have a forwarder set up, but the contact@my-domain.tld address is the sender and someuser@gmail.com is the address that all mails are being forwarded to. Not the other way around. Here's an entry from exim_mainlog that captures the SMTP transaction:
2018-06-15 22:26:08 1fTuMK-00CgNR-4v <= cpanel@my-domain.tld H=(localhost.localdomain) [127.0.0.1]:41301 I=[127.0.0.1]:25 P=esmtp S=39592 id=1529090768.QMxvesMMjnnYF8YW@abc07.octosquid.com T="[my-domain.tld] \342\234\224 Login as contact@my-domain.tld from a Known Network IP Address 92.82.230.198" from for contact@my-domain.tld someuser@gmail.com
2018-06-15 22:26:08 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1fTuMK-00CgNR-4v
2018-06-15 22:26:08 1fTuMK-00CgNR-4v SMTP connection identification H=localhost A=127.0.0.1 P=41301 M=1fTuMK-00CgNR-4v U=root ID=0 S=root B=authenticated_local_user
2018-06-15 22:26:08 1fTuMK-00CgNR-4v Sender identification U=root D=-system- S=root
2018-06-15 22:26:08 1fTuMK-00CgNR-4v SMTP connection identification H=localhost A=127.0.0.1 P=41301 M=1fTuMK-00CgNR-4v U=root ID=0 S=root B=authenticated_local_user
2018-06-15 22:26:08 1fTuMK-00CgNR-4v Sender identification U=root D=-system- S=root
2018-06-15 22:26:08 1fTuMK-00CgNR-4v => contact F= R=virtual_user T=dovecot_virtual_delivery S=40434 C="250 2.0.0 yMFPHNASJFv8Hy4AXL/IpQ Saved"
2018-06-15 22:26:10 1fTuMK-00CgNR-4v => someuser@gmail.com (contact@my-domain.tld) F= R=lookuphost T=remote_smtp S=40752 H=gmail-smtp-in.l.google.com [74.125.133.26] I=[122.122.122.122] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes DN="/C=US/ST=California/L=Mountain View/O=Google LLC/CN=mx.google.com" C="250 2.0.0 OK 1529090772 g30-v6si7950367wrd.88 - gsmtp"
2018-06-15 22:26:10 1fTuMK-00CgNR-4v Completed
I am also sending an attachment with the contact info settings from the account. As you can see, the option "Someone logs in to my account." isn't checked, so there shouldn't be any login notifications. Let me know if you need any other info to get this solved. Thank you.
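Added example, not part of the original thread: a small Python parser for exim_mainlog lines like the ones quoted in the post above. It groups entries by message ID and lists each delivery with its router, transport and, where present, the parenthesised intermediate address the final recipient was generated from. The sample lines are abbreviated from the post's log entry, and the function names are this example's own.

```python
import re

# Lines abbreviated from the exim_mainlog entry quoted in the thread (long
# fields trimmed), so this is constructed sample input, not a full log.
SAMPLE_LOG = """\
2018-06-15 22:26:08 1fTuMK-00CgNR-4v <= cpanel@my-domain.tld H=(localhost.localdomain) [127.0.0.1]:41301 P=esmtp S=39592 T="[my-domain.tld] Login as contact@my-domain.tld from a Known Network" for contact@my-domain.tld someuser@gmail.com
2018-06-15 22:26:08 1fTuMK-00CgNR-4v => contact F= R=virtual_user T=dovecot_virtual_delivery S=40434
2018-06-15 22:26:10 1fTuMK-00CgNR-4v => someuser@gmail.com (contact@my-domain.tld) F= R=lookuphost T=remote_smtp S=40752
2018-06-15 22:26:10 1fTuMK-00CgNR-4v Completed
"""

# Message IDs in this log have the form 1fTuMK-00CgNR-4v (6-6-2 characters).
ENTRY = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) (?P<flag><=|=>|->) (?P<rest>.+)$")
SUBJECT = re.compile(r' T="(?P<subject>(?:[^"\\]|\\.)*)"')
# "=> final (intermediate) ... R=router T=transport": the parenthesised address
# is the last intermediate address that the final address was generated from.
DELIVERY = re.compile(
    r"^(?P<to>\S+)(?: \((?P<via>[^)]+)\))?.*? R=(?P<router>\S+) T=(?P<transport>\S+)")


def trace_messages(log_text):
    """Group mainlog lines by message ID into sender, subject and deliveries."""
    messages = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # "Completed", cwd= and identification lines carry no routing
        msg = messages.setdefault(
            m["id"], {"sender": None, "subject": None, "deliveries": []})
        if m["flag"] == "<=":  # message arrival: envelope sender and subject
            msg["sender"] = m["rest"].split()[0]
            s = SUBJECT.search(m["rest"])
            msg["subject"] = s["subject"] if s else None
        else:  # "=>" or "->": one delivery per line
            d = DELIVERY.match(m["rest"])
            if d:
                msg["deliveries"].append(d.groupdict())
    return messages


def forwarded_copies(messages):
    """Return (message_id, final_address, intermediate_address) for generated deliveries."""
    return [(mid, d["to"], d["via"])
            for mid, msg in messages.items()
            for d in msg["deliveries"] if d["via"]]
```

Deliveries with no intermediate address went straight to the mailbox, so the notification's own recipient setting is what to look for; deliveries with one are copies produced by a forwarder or alias.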
Hi @Havri The mail transaction clearly shows a forwarder from contact@my-domain.tld ->> someuser@gmail.com
Does this user have root/whm access to the server? If so can you let me know what is set at WHM>>Server Contacts>>Edit System Mail Preferences? Thanks!
Hello, Exactly, it shows entries with contact@my-domain.tld and someuser@gmail.com as the recipients of the mails from cpanel@my-domain.tld. The problem is that this contact@my-domain.tld mail address isn't put as a contact address in any cPanel forms (cPanel -> Contact Information, WHM>>Server Contacts>>Edit System Mail Preferences, etc.). It is just a simple email account. This account shouldn't get a notification from cpanel@my-domain.tld as per current settings. Regarding the account, this is just a simple cPanel account, not a reseller. Thank you.
Hi @Havri Could you please open a ticket using the link in my signature? Once open please update this thread with the ticket ID so that we can follow up here with the outcome. Thanks!
Hello, I tried to open a ticket but it shows me an error saying that the IP or Support Access ID is not correct. Also, I saw that your license check page does not work. Please see the 2 attachments. The server has a cPanel license. Thank you.
cPanel System Administration is aware of an issue related to the ticket system and is working to resolve it as quickly as possible. Please check back later.
Hi @Havri I'm so sorry about that, it looks like we had some issues overnight. The issue should be resolved now; can you please try again? Thanks!
Hello, I just did: Your support request ID: 9768251 Thank you.
Hi @Havri Thanks! I'm watching that ticket and I've added a note to check this thread for information as well. I'll update here as soon as we know the outcome of the ticket. Thank you,
Hello, Well, this is a bit embarrassing on my part. I thought that login notifications can only be activated at a cPanel account level, not for each individual email account login.
For those that don't know, you can set per-email-account login notifications in -> Email Accounts -> office@my-domain.tld -> Access Webmail -> In the upper right corner click on the email address that is just to the left of the Logout button so that a dropdown menu shows -> Contact Information.
Thank you for your support. Best regards.
Hi @Havri Please don't be embarrassed, I think you've helped many others today! Thank you for updating the thread as to the result of the ticket and how to resolve the issue. Thank you!