Skip to main content

How we can find who is add forwarder email in cPanel

Comments

3 comments

  • cPRex Jurassic Moderator
    Hey there! This type of activity would be stored in the main cPanel access log at /usr/local/cpanel/logs/access_log. Viewing the cPanel >> Forwarders page would cause this to show up in that log: 4.3.2.1 - username [05/18/2021:17:10:05 -0000] "GET /cpsess4473512384/frontend/paper_lantern/mail/fwds.html HTTP/1.1" 200 0 "https://1.2.3.4:2083/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "s" "-" 2083
    where the "4.3.2.1" IP is the user accessing the server. Clicking the blue "Add Forwarder" button leaves a log for the "/cpsess4473512384/frontend/paper_lantern/mail/addfwd.html" page in that log file. I hope that helps you track this down!
    0
  • Fadly
    Hi cPRex, Thank You for your info. i already see the log.. whats is different this log 1. x.x.x.x proxy userdomain1 [04/23/2021:02:04:27 with 2. x.x.x.x - userdomain2 [04/23/2021:04:16:10 #1 have PROXY and #2 don't have proxy. can you explain for me.. Thank You Fadly
    0
  • cPRex Jurassic Moderator
    Sure thing! this indicates the system was accessed with a proxy subdomain, like cpanel.domain.dom. It's common to see that in the logs, and doesn't indicate an issue with the user or the server.
    0

Please sign in to leave a comment.