Mail Statistics Summary

khalled

• May 06, 2014 02:23

in WHM 11.42.1 when i review Mail Statistics Summary i found that the number of Messages received per hour is very huge and i actully used my server as host for vbulltine and send newsleletter weekly but not used it to recive mail, is that huge numer of mail i recived is the failure delivery Status Notification or there is other reason for this huge number of message i sea in Mail Statistics Summary and how to overcome this to decrase server load also there is some hours as show next the server not recive or send message what cause that Messages received per hour (each dot is 516 messages) 00-01 8520 ................ 01-02 13738 .......................... 02-03 13844 .......................... 03-04 4471 ........ 04-05 735 . 05-06 194 06-07 52 07-08 13 08-09 432 09-10 0 10-11 0 11-12 0 12-13 0 13-14 0 14-15 0 15-16 0 16-17 0 17-18 0 18-19 0 19-20 0 20-21 0 21-22 0 22-23 0 23-24 25807 .................................................. Deliveries per hour (each dot is 293 deliveries) 00-01 5500 .................. 01-02 5596 ................... 02-03 5347 .................. 03-04 2271 ....... 04-05 500 . 05-06 181 06-07 36 07-08 19 08-09 281 09-10 0 10-11 0 11-12 0 12-13 0 13-14 0 14-15 0 15-16 0 16-17 0 17-18 0 18-19 0 19-20 0 20-21 0 21-22 0 22-23 0 23-24 14644 .................................................

• 

  cPanelMichael

  • May 06, 2014 14:30

  Hello :) I recommend reviewing the following log file: /var/log/exim_mainlog
  This will give you a better idea about what email is received/sent from your server. Thank you.

  0
• 

  khalled

  • May 07, 2014 19:01

  [quote="cPanelMichael, post: 1638201">Hello :) I recommend reviewing the following log file: /var/log/exim_mainlog
  This will give you a better idea about what email is received/sent from your server. Thank you.
  when i go to check the file exim_mainlog i found it volume veru huge and difficult to downlaod and check it but from Mail Statistics Summary in WHM i found the following Mail Statistics Summary in attached word file, i hope if you can help me to analysis it

  0
• 

  cPanelMichael

  • May 07, 2014 19:33

  Try using the "tail" command to view the last several lines of /var/log/exim_mainlog. EX: tail -500 /var/log/exim_mainlog
  The mail statistics are helpful, but it's not going to really help you to determine the source/cause of the email activity. Thank you.

  0
• 

  khalled

  • May 07, 2014 20:25

  very thanks for help i run the "tail" command and i get the following can you help me anylsis it

  0
• 

  cPanelMichael

  • May 08, 2014 15:17

  Hello :) I removed the output you provided because it's not good practice to post real email addresses on a public forum. From what I noticed, the messages were mostly from: [QUOTE]/home/*****/public_html/images
  I suggest reviewing the script in that directory and determine if it's legitimate or should be removed for sending out SPAM. Thank you.

  0
• 

  khalled

  • May 08, 2014 16:18

  very thanks for your help and for removing the output, i will check and give feedback

  0
• 

  khalled

  • May 08, 2014 22:48

  you are right cPanelMichael , i found send.php file the path you refer to which send this massages and i delete it alos i temporary change the name of usr/sbin/sendmail to stop mail spam but when i check [QUOTE]tail -500 /var/log/exim_mainlog
  i still have the following message which seam to be spam massage, i try to Remove All messages From the Mail Queue but not succeed by using # exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash # exim -bp | exiqgrep -i | xargs exim -Mrm the result of "tail" command as show below (you can delete it after review if it is wrong to share) very thanks for your help - Removed -

  0
• 

  Infopro

  • May 09, 2014 10:39

  [QUOTE]you are right cPanelMichael, i found send.php file the path you refer to which send this massages
  How would an email script file get into the images directory, unless the account has been compromised? Spam coming out of that account may not be your only problem.

  0
• 

  khalled

  • May 09, 2014 12:10

  i search internet to Remove All messages From the Mail Queue and run many commands but the service exim (exim-4.82-3.cp1136) failed, and when try to restart it iget the error [QUOTE]Waiting for exim to restart...............................................................finished. exim has failed, please contact the sysadmin.
  is any way to make it run or to remove and reinstall it

  0
• 

  cPanelMichael

  • May 09, 2014 14:36

  Please review the last couple of lines in /var/log/exim_mainlog or /var/log/exim_paniclog when Exim fails to restart. Do you notice any particular error messages? Thank you.

  0
• 

  khalled

  • May 09, 2014 17:35

  This the result and last couple of lines in /var/log/exim_mainlog or /var/log/exim_paniclog /root$ tail -500 /var/log/exim_mainlog 2014-05-08 09:17:56 1WiIaZ-0005je-RW no immediate delivery: load average 25.77 2014-05-08 09:17:56 cwd=/home/******/public_html/images 3 args: /usr/sbin/sendmail -oi -t 2014-05-08 09:17:56 1WiIaZ-0005jn-TH <= ******@server.******.net U=****** P=local S=773 id=13e49bbd4f55ee976dac803f544276e4@www.******.net T="Confirm Receipt" for username @aol.com 2014-05-08 09:17:56 1WiIaZ-0005jn-TH no immediate delivery: load average 25.77 2014-05-08 09:17:56 cwd=/home/******/public_html/images 3 args: /usr/sbin/sendmail -oi -t 2014-05-08 09:17:56 1WiIaa-0005kg-CU <= ******@server.******.net U=****** P=local S=4596 id=8bdd4afaa8424013763d0e8f99313943@www.******.net T="THE TRANSFER WILL BE DONE TODAY, IF WE HEAR FROM YOU." for username @aol.com 2014-05-08 09:17:56 1WiIaa-0005kg-CU no immediate delivery: load average 25.77 2014-05-08 09:17:56 cwd
  /root$ tail -500 /var/log/exim_paniclog 2014-05-08 09:17:03 1WiIZi-00047m-C1 User 0 set for local_delivery transport is on the never_users list 2014-05-08 09:17:03 1WiIZj-0004AN-JH User 0 set for local_delivery transport is on the never_users list 2014-05-08 09:17:13 1WiIZs-0004g8-LC User 0 set for local_delivery transport is on the never_users list 2014-05-08 09:17:14 1WiIZs-0004gB-O5 User 0 set for local_delivery transport is on the never_users list 2014-05-08 09:17:15 1WiIZt-0004iN-W4 User 0 set for local_delivery transport is on the never_users list
  

  0
• 

  cPanelMichael

  • May 09, 2014 18:05

  I see no entries that would indicate a reason why Exim is failing. Are you sure it's not running? Is the Exim process active? Thank you.

  0
• 

  khalled

  • May 09, 2014 20:39

  [quote="cPanelMichael, post: 1641352">I see no entries that would indicate a reason why Exim is failing. Are you sure it's not running? Is the Exim process active? Thank you.
  i check service as shown in this post

  0
• 

  khalled

  • May 10, 2014 20:02

  [quote="khalled, post: 1641491">i check service as shown in this post

  0
• 

  khalled

  • May 11, 2014 11:47

  thanks it run and i do the following if any suffer from that WHM"cPanel "Upgrade to Latest Version Upgrade to Latest Version check Force a reinstall even if the system is up to date. and Upgrade

  0
• 

  cPanelPeter cPanel Staff

  • May 11, 2014 16:11

  Hello, Yes, an upgrade (upcp) can usually solve problems like what you were experiencing. Thanks for updating this thread.

  0

Please sign in to leave a comment.