find source of incoming emails

asmithjr

• July 21, 2020 13:17

I've created a problem for myself over the years. I thought I was being smart creating alias each time I had to provide an email to an external source. The thought was just do away with the alias when I found that email was being spammed. Now years later the email spam is out of control on my server. Is there a good way to find out which alias email is being hit with all the spam? I am not sure my main email is getting all the junk email or if it is coming from one of the alias accounts. Thanks

• 

  keat63

  • July 22, 2020 07:13

  Without me digging through my own mail logs, I don't entirely know the answer. However, it would help others if you could tell us whether you have root access or if you are a web site owner. Do you have access to WHM or Cpanel only?

  0
• 

  keat63

  • July 22, 2020 08:34

  I'm using forwarders for some of our sales orders. I opened one up and can quite clearly see in the message headers where it was originally sent. In fact, I'm struggling to see anything related to the mailbox it actually landed in.

  0
• 

  asmithjr

  • July 22, 2020 11:23

  I do have root access. This is a small VPS and I manage the server with full access.

  0
• 

  andrew.n

  • July 22, 2020 14:26

  Well the info you are looking for is definitely in /var/log/exim_mainlog but if you have many email accounts it will be a bit difficult to read. This script makes it a bit easier to track things down:

  0
• 

  keat63

  • July 22, 2020 14:39

  I just sent myself an email from gmail via an alias, and I can clearly see the alias in the headers Return-Path: Delivered-To: me@work.co.uk Received: from xxxxxxxxxxxxxxxxxxxxxxxx by xxxxxxxxxxxxxxxxx with LMTP id SGuVEbdOGF8UVwAAejhMJg (envelope-from ) for ; Wed, 22 Jul 2020 15:35:35 +0100 Return-path: Envelope-to: alias@work.co.uk

  0
• 

  andrew.n

  • July 22, 2020 14:41

  right....so what's the problem here?

  0
• 

  cPanelLauren

  • July 22, 2020 19:19

  @andrew.n there isn't a problem @keat63 was showing the OP how to identify mail sent to an alias which is the question the user was asking. @asmithjr if I understand correctly the Aliases you created were just forwarders for accounts that do not exist correct? If this is the case and you removed those, but mail is still being accepted for those email accounts you could eliminate this problem entirely by going to cPanel >> Email >> Default Address and ensure the setting you have for unrouted mail (mail that is sent to doesntexist@yourdomain.tld) is not set to forward to an email address or your system account.

  0
• 

  andrew.n

  • July 22, 2020 19:22

  ah right I thought @keat63 is the OP.

  0
• 

  asmithjr

  • July 23, 2020 15:46

  What I found to work for me is: grep "al@heretohost.com" exim_mainlog | grep virtual | grep "(" | awk -F "(" '{print $2}' | awk -F ")" '{print $1}'
  My main address is al@domain.com, this shows me all email accounts from the exim_mainlog that were forwarded to my main address.

  0
• 

  ThomasA

  • July 24, 2020 01:50

  How to check properties of incoming emails ... You can also do View > Message Source (or ctrl + u) which shows you the actual characters ... I hope that help!

  0

Please sign in to leave a comment.