Where is my SpamBox?

Discussion in 'Linux VPS/Dedicated - cPanel' started by LeMarque, Jun 8, 2009.

  1. LeMarque

    LeMarque Member

    Was getting tons of spam and enabled SpamAssain and SpamBox and now I'm not getting the spam e-mails.

    But I can't find the spambox to delete them. Using Horde.
  2. Dan

    Dan Moderator

    Hello LeMarque,

    It should have simply created a 'spam' folder for you under your inbox. I haven't used Horde (or Spamassassin for that matter) much but when folders have been added I seem to remember they always just showed up. Some webmail clients require you to subscribe to folders for them to show up like an IMAP client would.

    You could check in SSH to see if you can find the folder in question as well.

    Not much help I know, sorry :)
  3. LeMarque

    LeMarque Member

    Don't know how they got my e-mail address, but I've been getting tons of spam from this Canadian pharmacy.

    I've looked for that folder, searched the cPanel forum, googled, etc. and did a quick ssh and still can't find it :confused:

    Enabled all the other webmail clients but still no spam folder. Going to disable spambox and start all over again.

  4. Dan

    Dan Moderator

    Was the spam actually addressed to you or did you configure your email as a catchall? Your spambox should only get what is addressed to you if I'm not mistaken.

    And just in case the paths should be:
    /home/acctname/mail/domain.com to see the users
    /home/acctname/mail/domain.com/user to see the user's folders
  5. LeMarque

    LeMarque Member

    Its one of those 'from me to me' sort of emails; i.e.:

    Virgen [john.doe@xxxxxdomains.com] to john.doe@xxxx.domains.com

    My catchall goes to :blackhole.

    I disabled spambox and started receiving the spam again to my outlook inbox. I'll re-enable it and see if I can find the folder in the paths you mention.

    Thanks for the info.
  6. Dan

    Dan Moderator

    Ah, it's very likely that the system is just trying to bounce this type of email since it knows you did not send it. Check your email queue to see if you have emails stuck in there. This is the spammers actual objective is to have the emails bounce to their real target. This is the reason why I stopped using Spamassassin as I could not find where to simply trash these emails rather than bouncing them.
  7. LeMarque

    LeMarque Member

    These emails were making it thru to my local inbox and not being rejected by exim nor are/were there any stuck in the queue. But! I found the spambox, as you pointed out and they are trapped there and not being bounced - also <ducking> I was logging into webmail as the acct. name and viewing all my associated emails. I logged into webmail as the user getting the spam and subscribed to the spam folder (which didn't appear using the acct name) and the spambox is present with the spam!

    Here's what one of them looked like in the exim log:

    2009-06-07 15:00:44 1MDPUF-0005m8-R5 H=ppp-124-121-149-181.revip2.asianet.co.th (ppp-124-122-6-95.revip2.asianet.co.th) []:2361 I=[xx.xxx.xx.xx]:25 Warning: "SpamAssassin as XYZ detected message as spam (16.0)"
    2009-06-07 15:00:44 1MDPUF-0005m8-R5 <= me@mydomain.com H=ppp-124-121-149-181.revip2.asianet.co.th (ppp-124-122-6-95.revip2.asianet.co.th) []:2361 I=[xx.xxx.xx.xx]:25 P=esmtp S=7995 id=YJCCV66647.B0969D8@ppp-124-122-6-95.revip2.asianet.co.th T="Douglas asked to send it" from <me@mydomain.com> for me@mydomain.com
    2009-06-07 15:00:44 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1MDPUF-0005m8-R5
    2009-06-07 15:00:44 1MDPUF-0005m8-R5 => me <me@mydomain.com> F=<me@mydomain.com> R=virtual_user_spam T=virtual_userdelivery_spam S=8094
    2009-06-07 15:00:44 1MDPUF-0005m8-R5 Completed
    2009-06-07 15:00:45 SMTP connection from ppp-124-121-149-181.revip2.asianet.co.th (ppp-124-122-6-95.revip2.asianet.co.th) []:2361 I=[xx.xxx.xx.xx]:25 closed by QUIT
  8. Dan

    Dan Moderator

    AAahhh you were logging in using the domain account name and couldn't see it. Yes I have seen this happen as well, didn't even think about that!

    Glad you got it worked out!
  9. LeMarque

    LeMarque Member


    At your convenience, could you explain "bounce to their real target"?
  10. Dan

    Dan Moderator

    You can put anything in the 'from' field and you can even put a different address in the 'reply to' field. So they put in the address they want it to bounce to and then if the 'to' address is bad it will bounce to another target.
  11. LeMarque

    LeMarque Member

    Doesn't this do it?

    Main >> Service Configuration >> Exim Configuration Editor

    Not sure I understand why they would want it to bounce to 'another target'
  12. Dan

    Dan Moderator

    I don't think so as the system thinks it is a legitimate email that is being bounced.

    Because they are spammers and their objective is to hit as many targets as they can.
  13. LeMarque

    LeMarque Member


    I'll let you get back to work; but doesn't this provide for whether or not SA will bounce spam?

    Attached Files:

  14. Dan

    Dan Moderator

    That does look like what you would be looking for! :D

    I don't think they had those options when I tried Spamassassin.

Share This Page