Fresh Cyberpanel install but E-MAIL logs show emails being sent from sever every 3 mins

Rofocale · December 6, 2022, 10:00am

Hi, running a VPS with fresh OS and CyberPanel install, no websites created or settings altered, etc.

I checked the EMAIL logs and saw the below. Can anyone help by explaining what’s happening here and why sendmail is active every 3 mins?

Dec  6 09:30:05 taro sendmail[1426]: 2B69U1YF001426: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:30:05 taro sendmail[1475]: 2B69U52s001475: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:30:05 taro sendmail[1426]: 2B69U1YF001426: to=root, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69U52s001475 Message accepted for delivery)
Dec  6 09:30:05 taro sendmail[1476]: 2B69U52s001475: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:33:04 taro sendmail[1531]: 2B69X1oH001531: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:33:04 taro sendmail[1576]: 2B69X4ub001576: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:33:04 taro sendmail[1531]: 2B69X1oH001531: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69X4ub001576 Message accepted for delivery)
Dec  6 09:33:04 taro sendmail[1577]: 2B69X4ub001576: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:36:04 taro sendmail[1630]: 2B69a1XZ001630: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:36:04 taro sendmail[1676]: 2B69a41c001676: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:36:04 taro sendmail[1630]: 2B69a1XZ001630: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69a41c001676 Message accepted for delivery)
Dec  6 09:36:04 taro sendmail[1677]: 2B69a41c001676: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:39:04 taro sendmail[1741]: 2B69d1M8001741: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:39:04 taro sendmail[1856]: 2B69d4g3001856: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:39:04 taro sendmail[1741]: 2B69d1M8001741: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69d4g3001856 Message accepted for delivery)
Dec  6 09:39:04 taro sendmail[1857]: 2B69d4g3001856: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:42:04 taro sendmail[1912]: 2B69g1hM001912: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:42:04 taro sendmail[1957]: 2B69g4Wp001957: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:42:04 taro sendmail[1912]: 2B69g1hM001912: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69g4Wp001957 Message accepted for delivery)
Dec  6 09:42:04 taro sendmail[1958]: 2B69g4Wp001957: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:45:04 taro sendmail[2061]: 2B69j1T2002061: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:45:05 taro sendmail[2107]: 2B69j4np002107: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:45:05 taro sendmail[2061]: 2B69j1T2002061: to=root, ctladdr=root (0/0), delay=00:00:04, xdelay=00:00:01, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69j4np002107 Message accepted for delivery)
Dec  6 09:45:05 taro sendmail[2108]: 2B69j4np002107: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:48:04 taro sendmail[2336]: 2B69m10S002336: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:48:04 taro sendmail[2386]: 2B69m4hH002386: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:48:04 taro sendmail[2336]: 2B69m10S002336: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69m4hH002386 Message accepted for delivery)
Dec  6 09:48:04 taro sendmail[2387]: 2B69m4hH002386: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent
Dec  6 09:51:04 taro sendmail[14811]: 2B69p1KJ014811: from=root, size=580, class=-60, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Dec  6 09:51:04 taro sendmail[14858]: 2B69p4n6014858: from=<[email protected]>, size=865, class=-60, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec  6 09:51:04 taro sendmail[14811]: 2B69p1KJ014811: to=root, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=relay, pri=138580, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (2B69p4n6014858 Message accepted for delivery)
Dec  6 09:51:04 taro sendmail[14859]: 2B69p4n6014858: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139086, dsn=2.0.0, stat=Sent

Rofocale · December 6, 2022, 10:21am

I’ve also just checked my FTP logs and I’m getting failed login attempts every 30 secs or so. I’ve turned on MOD Security and installed the rule pack and also turned on the Firewall in Cyberpanel, but the login attempts keep going and sendmail is still running.

Dec  6 10:14:46 taro sshd[17359]: Failed password for invalid user sonic from 73.166.138.27 port 29138 ssh2
Dec  6 10:14:46 taro sshd[17359]: Received disconnect from 73.166.138.27 port 29138:11: Bye Bye [preauth]
Dec  6 10:14:46 taro sshd[17359]: Disconnected from 73.166.138.27 port 29138 [preauth]

shoaibkk · December 6, 2022, 10:42am

These are just starting logs nothing to worry

Rofocale · December 6, 2022, 10:51am

Thank you, but what about the failed login attempts on the FTP logs? (see the reply).

shoaibkk · December 6, 2022, 11:07am

You dont have any site?

Rofocale · December 6, 2022, 11:09am

No, nothing at all. Just CENT OS and Cyberpanel. I did a fresh install and checked the logs and saw that these failed login attempts keep coming.