Results 1 to 6 of 6
  1. #1

    Question Understanding Exim and Exim_mainlog

    Hi all,

    I'm new and a green thumb at mail, smtp, exim etc.

    We host our websites on our own dedicated server and I had this mail message sent to me and i'm not quite sure i understand it.

    Subject: [newmailcgi] Recently Uploaded CGI scripts that send email on {server excluded from quote}

    Note: If this is the first time you received this mail, it contains the history for the entire month so far.

    Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.

    /home/eyn/public_html/site/wiki/includes/UserMailer.php:51: function toString() {
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:52: # PHP's mail() implementation under Windows is somewhat shite, and
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:53: # can't handle "Joe Bloggs <joe@bloggs.com>" format email addresses,
    ---
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:194: set_error_handler( array( 'UserMailer', 'errorHandler' ) );
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:195: wfDebug( "Sending mail via internal mail() function\n" );
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:196:
    ---
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:199: foreach ($to as $recip) {
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:200: $sent = mail( $recip->toString(), wfQuotedPrintable( $subject ), $body, $headers );
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:201: }
    ---
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:202: } else {
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:203: $sent = mail( $to->toString(), wfQuotedPrintable( $subject ), $body, $headers );
    /home/eyn/public_html/site/wiki/includes/UserMailer.php:204: }
    ---
    /home/eyn/public_html/site/forums/includes/class_mail.php:37: *
    /home/eyn/public_html/site/forums/includes/class_mail.php:38: * This class sends email from vBulletin using the PHP mail() function
    /home/eyn/public_html/site/forums/includes/class_mail.php:39: *
    ---
    /home/eyn/public_html/site/administrator/components/com_config/controllers/application.php:355: $config_array['fromname'] = JRequest::getVar('fromname', 'Joomla 1.5', 'post', 'string');
    /home/eyn/public_html/site/administrator/components/com_config/controllers/application.php:356: $config_array['sendmail'] = JRequest::getVar('sendmail', '/usr/sbin/sendmail', 'post', 'string');
    /home/eyn/public_html/site/administrator/components/com_config/controllers/application.php:357: $config_array['smtpauth'] = JRequest::getVar('smtpauth', 0, 'post', 'int');
    ---
    /home/eyn/public_html/site/administrator/components/com_docman/includes/groups.php:286: // ;
    /home/eyn/public_html/site/administrator/components/com_docman/includes/groups.php:287: // mail($emailtosend->email, $subject, $message, $headers);
    /home/eyn/public_html/site/administrator/components/com_docman/includes/groups.php:288: // TO: SUBJECT: (message) Headers
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:128: */
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:129: var $Sendmail = '/usr/sbin/sendmail';
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:130:
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:289: /**
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:290: * Sets Mailer to send message using PHP mail() function.
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:291: * @return void
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:457: /**
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:458: * Sends mail using the PHP mail() function.
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:459: * @access private
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:872:
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:873: /* To be created automatically by mail() */
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:874: if($this->Mailer != 'mail') {
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:886:
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:887: /* sendmail and mail() extract Cc from the header before sending */
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:888: if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->cc) > 0)) {
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:891:
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:892: /* sendmail and mail() extract Bcc from the header before sending */
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:893: if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->bcc) > 0)) {
    ---
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:900:
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:901: /* mail() sets the subject itself */
    /home/eyn/public_html/site/libraries/phpmailer/phpmailer.php:902: if($this->Mailer != 'mail') {
    ---
    /home/eyn/public_html/site/libraries/joomla/config.php:20: var $fromname = '';
    /home/eyn/public_html/site/libraries/joomla/config.php:21: var $sendmail = '/usr/sbin/sendmail';
    /home/eyn/public_html/site/libraries/joomla/config.php:22: var $smtpauth = '0';
    ---

    Now, my site is very new and i haven't done much to it in the past week or so...especially when it comes to installation. I also do not have a member by the name of joe@bloggs.com

    so i'm wondering if this means i have spam being sent from my server?

    I really appreciate it!!!
    Kristine
    Last edited by ktaylor; 10-07-2009 at 12:30 PM.

  2. #2
    Also, I updated the exim.conf file to include log_selector=+all so i can see what all is going on through the mail system and to be honest, i'm not sure if it's working right.

    Can anyone help clarify what's going on for me?

    here's a portion of what my exim_mainlog is showing....

    well, i'd love to attach the code but it won't let me since i don't have 5 posts yet. i'll see if i can attach a photo
    Attached Thumbnails Attached Thumbnails Screen shot 2009-10-07 at 9.34.09 AM.png  

  3. #3
    Join Date
    Jun 2008
    Location
    India
    Posts
    130
    the logs says that user eyn is sending mails by using cgi scripts. You need to check the count of emails and all to make sure that the user is not a spammer. Otherwise u may face abuse issues on this server.

    you can use grep '2009-10-09' | /var/log/exim_mainlog| fgrep '/home/eyn'and just check the count of success full emails. change the date to require one

  4. #4
    Join Date
    Jul 2009
    Posts
    178
    You can limit the number of email send per hour per domain and also checks the logs and execute exim -bp | exiqsumm to see the email queue.

  5. #5
    Join Date
    Oct 2009
    Location
    Ernakulam, Kerala, IN
    Posts
    5
    Hello,

    The mail you received just indicates that the following scripts have mail options. If you take a closer look at this, then you can note that they are normal phpmailer & joomla scripts. If these were not uploaded by you, then you should really concern, otherwise you can ignore this warning mail.

    -Shyam

  6. #6
    Thank you! I will check all your suggestions out. Most of my work behind the scenes is Joomla based.

    do i do these functions in terminal or cpanel?

Similar Threads

  1. exim_mainlog is this normal?
    By saj in forum Hosting Security and Technology
    Replies: 3
    Last Post: 12-01-2007, 09:56 PM
  2. Help understanding exim_mainlog
    By littlened in forum Hosting Security and Technology
    Replies: 1
    Last Post: 08-24-2007, 11:51 AM
  3. how do I tail -f /var/log/exim_mainlog (but not on exim)
    By netlink in forum Hosting Security and Technology
    Replies: 3
    Last Post: 07-20-2006, 06:15 AM
  4. exim_mainlog permissions?
    By saltydog in forum Dedicated Server
    Replies: 1
    Last Post: 01-23-2006, 03:24 PM
  5. exim_mainlog information
    By mohits4 in forum Dedicated Server
    Replies: 2
    Last Post: 08-19-2005, 09:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •