Results 1 to 2 of 2
  1. #1
    Join Date
    Jul 2005

    Tracking spammer in Cpanel Exim

    I am trying to track down the spammer in my Cpanel sever but could not get any useful information from the exim logs. I am looking for the line "fixed_plain" to identify the accounts but it is not showing in the logs. How do i enable this field?

    I have included the following line in my exim but still no good:-
    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
    The logs from exim is as below:
    2011-04-02 01:05:43 [7370] 1Q5t1q-0001us-FD <= [email protected] H=localhost ( []:50884 I=[]:25 P=smtp S=1410 [email protected] T="Your Amazon Payments Request" from <[email protected]> for [email protected]
    2011-04-02 01:05:43 [7455] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Q5t1q-0001us-FD
    2011-04-02 01:05:44 [7455] 1Q5t1q-0001us-FD ** [email protected] F=<[email protected]> R=fail_remote_domains: The mail server could not deliver mail to [email protected]  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
    2011-04-02 01:05:44 [7472] cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1Q5t1q-0001us-FD
    2011-04-02 01:05:45 [7472] 1Q5t1s-0001wW-Jt <= <> R=1Q5t1q-0001us-FD U=mailnull P=local S=2444 T="Mail delivery failed: returning message to sender" from <> for [email protected]
    2011-04-02 01:05:46 [7455] 1Q5t1q-0001us-FD Completed QT=4s
    Would appreciate any help
    My Web Hosting and Gadgets Blog

  2. #2
    Join Date
    Jul 2005
    Problem has been resolved. I managed to trace the culprit by looking at the processes list of the server.
    My Web Hosting and Gadgets Blog

Similar Threads

  1. How is spammer getting around Exim Relay blocks?
    By Frontpage in forum Hosting Security and Technology
    Replies: 10
    Last Post: 04-11-2012, 01:00 PM
  2. Need assistance w/ Exim, catching a spammer.
    By kenop in forum Other Offers & Requests
    Replies: 4
    Last Post: 01-22-2006, 05:49 PM
  3. Help with tracking spammer on dedicated server
    By joeylupre in forum Dedicated Server
    Replies: 8
    Last Post: 09-24-2005, 03:39 AM
  4. Assistance needed tracking down an email problem (exim)
    By kenop in forum Employment / Job Offers
    Replies: 2
    Last Post: 07-14-2004, 10:53 PM
  5. Tracking down a spammer
    By cheapo in forum Running a Web Hosting Business
    Replies: 2
    Last Post: 08-07-2003, 12:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts