Find Cause of Spam Source
Mass suspend or unsuspend mailboxes of a domain
Using the API can help you quickly automate that process and suspend the users in question:
If you wish to suspend the entire domain, you can use:
whmapi1 suspend_outgoing_email user=cPanel_Username
Eg: whmapi1 suspend_outgoing_email user=example
To Unsuspend:
whmapi1 unsuspend_outgoing_email user=cPanel_Username
If you prefer to suspend a specific email account login, you can use the suspend_login API call.
uapi --user=username Email suspend_login email=user001%40example.com
To suspend incoming mail, you can use the suspend_incoming call:
uapi --user=username Email suspend_incoming email=user%40example.com
And to suspend outgoing mail, use the suspend_outgoing call:
uapi --user=username Email suspend_outgoing email=user%40example.com
How to change the email routing of a domain with the API
uapi --user=$username Email set_always_accept domain='$domain.tld' alwaysaccept=$location
Please note that “$username” must be replaced with the cPanel account’s username, while “$domain.tld” must be replaced with the domain that needs the email routing changed. Finally, “$location” must be replaced with “local” if the local mail server will receive mail for the domain or “remote”
A few Exim commands:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
A one-liner you can use to check the number of authentications used per email address:
head -1 /var/log/exim_mainlog | awk '{print $1}' ; grep -Eo 'dovecot_login[^ ]+|dovecot_plain[^ ]+' /var/log/exim_mainlog | cut -f2 -d":" | sort | uniq -c | sort -nk 1 ; tail -1 /var/log/exim_mainlog | awk '{print $1}'
For mail logs, do:
grep -A1 /home/twinciti /var/log/exim_mainlog
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | grep public_html
This will list the subjects of all emails sent by root on your server, along with the receiving address:
grep "<= root@" /var/log/exim_mainlog | awk -F"T=\"" '/<=/ {print $2}' | sort | uniq -c | sort -n
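The two log checks above (mail per script working directory and authenticated submissions per mailbox), combined into reusable functions with a threshold filter. This is an added example, not part of the original page; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarise likely spam sources
# in an Exim main log. The sample log below is constructed for illustration.

# Print "count mailbox" for every mailbox with at least $2 authenticated
# submissions (A=dovecot_login:... or A=dovecot_plain:...) in log file $1.
auth_senders_over() {
    grep -Eo 'A=dovecot_(login|plain):[^ ]+' "$1" |
        cut -d: -f2 | sort | uniq -c |
        awk -v t="$2" '$1 >= t {print $1, $2}' | sort -rn
}

# Print "count directory" for script-submitted mail in log file $1,
# ignoring Exim's own spool directory as the one-liners above do.
cwd_senders() {
    grep 'cwd=' "$1" | grep -v '/var/spool' |
        awk -F'cwd=' '{split($2, a, " "); print a[1]}' |
        sort | uniq -c | awk '{print $1, $2}' | sort -rn
}

# Write a constructed sample log (hypothetical hosts, IDs and addresses) to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
2024-05-01 09:00:01 cwd=/home/example/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 09:00:02 cwd=/home/example/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 09:00:03 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1sAAAA-000001-AA
2024-05-01 09:00:04 cwd=/home/example/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 09:01:00 1sAAAA-000001-AA <= info@example.com H=(pc) [203.0.113.7]:50000 P=esmtpsa A=dovecot_login:info@example.com S=900
2024-05-01 09:01:01 1sAAAB-000002-AA <= info@example.com H=(pc) [203.0.113.7]:50001 P=esmtpsa A=dovecot_login:info@example.com S=900
2024-05-01 09:01:02 1sAAAC-000003-AA <= info@example.com H=(pc) [203.0.113.7]:50002 P=esmtpsa A=dovecot_login:info@example.com S=900
2024-05-01 09:02:00 1sAAAD-000004-AA <= bob@example.com H=(pc) [198.51.100.9]:50003 P=esmtpsa A=dovecot_plain:bob@example.com S=800
EOF
}

# Demo run on the constructed log; point the functions at
# /var/log/exim_mainlog on a real server.
sample=$(mktemp)
write_sample_log "$sample"
echo "Mailboxes with 3 or more authenticated submissions:"
auth_senders_over "$sample" 3
echo "Mail submitted by scripts, per working directory:"
cwd_senders "$sample"
rm -f "$sample"
```

A mailbox that shows up here can then be paused with the suspend_outgoing call shown earlier while its password is reset.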