Skip to main content

/etc/userdomains

Comments

2 comments

  • cPanelMichael
    My eximstats log lists the vast majority of remote smtp connections as unauthorized. I have been looking through files referenced in WHM's exim advanced configuration page trying to determine how they can connect without authenticating.

    Hello, It's likely the messages are coming through a PHP script. Could you verify which PHP handler is enabled (E.g. suPHP, DSO) on the instance of PHP installed on your system? Note the following document is the best place to start when attempting to prevent email abuse: How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation Thank you.
    0
  • NOC_Serverpoint
    Hello, Do you have shell access? If so, please run the following script grep "[COLOR=rgb(53, 28, 117)]cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n [COLOR=rgb(53, 28, 117)]NB:This will check the script that will originate spam mails. [COLOR=rgb(53, 28, 117)] NB:It shows the IPs which are connected to server through port number 25. It one particular Ip is using more than 15 connection you can block it in the server firewall. #netstat -plan | grep :25 | awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1 NB:The following script will give the summary of mails in the mail queue. exim -bpr | exiqsumm -c | head Thank you,
    0

Please sign in to leave a comment.