23 lines
1.6 KiB
Plaintext
23 lines
1.6 KiB
Plaintext
|?SUBJECT=Warning: `COUNT` emails have just been sent by `USERNAME`|
|
|
The |USERNAME| account has just finished sending |COUNT| emails.
|
|
There could be a spammer, the account could be compromised, or just sending more emails than usual.
|
|
|
|
After some processing of the |BYTES_FILE| file, it was found that the highest sender was |TOP_SENDER|, at |TOP_SENDER_COUNT| emails.
|
|
|*if TOP_AUTH_PERCENT>"20"|
|
|
The top authenticated user was |TOP_AUTH|, at |TOP_AUTH_COUNT| emails.
|
|
This accounts for |TOP_AUTH_PERCENT|% of the emails. The higher the value, the more likely this is the source of the emails.
|
|
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.|*endif|
|
|
|*if TOP_HOST_PERCENT>"20"|
|
|
The top sending host was |TOP_HOST|, at |TOP_HOST_COUNT| emails (|TOP_HOST_PERCENT|%).|*endif|
|
|
|*if TOP_PATH_PERCENT>"20"|
|
|
The most common path that the messages were sent from is |TOP_PATH|, at |TOP_PATH_COUNT| emails (|TOP_PATH_PERCENT|%).
|
|
The path value may only be of use if it's pointing to that of a User's home directory.
|
|
If the path is a system path, it likely means the email was sent through smtp rather than using a script.|*endif|
|
|
|*if TOP_PHP_SCRIPT_PERCENT>"20"|
|
|
The top sending script was |TOP_PHP_SCRIPT|, at |TOP_PHP_SCRIPT_COUNT| emails, (|TOP_PHP_SCRIPT_PERCENT|%).|*endif|
|
|
|*if TOP_PHP_SCRIPT_PERCENT>DISABLE_PHP_SCRIPT_AT_LIMIT_THRESHOLD|Because the bulk of the emails have been sent by the script, please check it to confirm it has not been compromised.|*endif|
|
|
|*if SCRIPT_CHMOD_RESULT!=""||SCRIPT_CHMOD_RESULT||*endif|
|
|
|
|
This warning was generated because the |LIMIT| email threshold was hit.
|
|
|
|
|MSG_FOOTER| |