Understanding "-remote- sender"

driansmith

• July 19, 2018 04:34

I seem to have a massive number of failed and deferred emails in my "Email "View Sent Summary". Is there somewhere I can understand exactly what account/process is producing these spam emails? Currently running at 1000 emails per day. Apologies if the question is a little basic.

• 

  driansmith

  • July 19, 2018 10:40

  Perhaps these images help? Thanks

  0
• 

  cPanelLauren

  • July 20, 2018 17:55

  HI @driansmith In most cases behavior like this results from a script on the server being compromised. Can you run the following over SSH on your server: awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
  It should print the directories which the mail is originating from

  0
• 

  webmasteryoda

  • July 13, 2020 10:05

  I have exactly this kind of problem. Here is my output: 8023 cwd=/var/spool/exim 2544 cwd=/home/user1/public_html 1030 cwd=/etc/csf 392 cwd=/ 19 cwd=/home/user2/public_html 16 cwd=/home/user3/public_html 15 cwd=/home/user4/public_html Why so many Exim failures, and is it possible that user1 is generating these problems? EDIT: I have disabled user1 and spam stopped. So, the problem is solved, thanks to this command. Thank you

  0

Please sign in to leave a comment.