SOLVED cPanel account receiving login notifications

[Havri]

Hello,

A client of ours is receiving some notifications about logins:

Successful Login as "[email protected]" from a Known Network


Domain: my-domain.tld
Service: dovecot
Local IP Address: 172.23.23.23
Local Port: 993
Remote IP Address: 222.222.222.222
Remote Port: 6601
Authentication Database: mail
Username: [email protected]
Known Network †: Yes ✔

I've looked in the Contact information section in their cPanel, but the contact addresses do not match the email address that is receiving these notifications. For example, the email account that is receiving the notifications is "[email protected]", but in the cPanel -> Contact Information section there are other 2 email accounts "[email protected]" and "[email protected]".

How can these notifications be disabled? Is this a cPanel account setting or some specific webmail configuration (roundcube, horde, etc.).?

Let me know if you need any other info

Thank you.

 

[webhostuk]

Is this user also have WHM access, if so the email alert setting for this domain will be setup in his WHM and not Cpanel.
I am just trying to confirm if he has WHM as well.

 

[Havri]

Hello,

No, the user isn't a reseller so it doesn't have access to WHM. It's a simple cPanel account.

Thank you.

 

[cPanelLauren]

Hi @Havri

Does the user have any forwarders on the account? If the mail is sent to a different email address than what's on file that would be the only explanation that I can think of. If you're able to access the server via SSH the email transaction details at /var/log/exim_mainlog would be extremely useful in explaining what occurred as well.

Thanks!

 

[Havri]

Hello,

The account does have a forwarder set up, but the [email protected] address is the sender and [email protected] is the address that all mails are being forwarded to. Not the other way around.

Here's an entry from exim_mainlog that captures the SMTP transaction:

2018-06-15 22:26:08 1fTuMK-00CgNR-4v <= [email protected] H=(localhost.localdomain) [127.0.0.1]:41301 I=[127.0.0.1]:25 P=esmtp S=39592 [email protected] T="[my-domain.tld] \342\234\224 Login as [email protected] from a Known Network IP Address 92.82.230.198" from <[email protected]> for [email protected] [email protected]
2018-06-15 22:26:08 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1fTuMK-00CgNR-4v
2018-06-15 22:26:08 1fTuMK-00CgNR-4v SMTP connection identification H=localhost A=127.0.0.1 P=41301 M=1fTuMK-00CgNR-4v U=root ID=0 S=root B=authenticated_local_user
2018-06-15 22:26:08 1fTuMK-00CgNR-4v Sender identification U=root D=-system- S=root
2018-06-15 22:26:08 1fTuMK-00CgNR-4v SMTP connection identification H=localhost A=127.0.0.1 P=41301 M=1fTuMK-00CgNR-4v U=root ID=0 S=root B=authenticated_local_user
2018-06-15 22:26:08 1fTuMK-00CgNR-4v Sender identification U=root D=-system- S=root
2018-06-15 22:26:08 1fTuMK-00CgNR-4v => contact <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_virtual_delivery S=40434 C="250 2.0.0 <[email protected]> yMFPHNASJFv8Hy4AXL/IpQ Saved"
2018-06-15 22:26:10 1fTuMK-00CgNR-4v => [email protected] ([email protected]) <[email protected]> F=<[email protected]> R=lookuphost T=remote_smtp S=40752 H=gmail-smtp-in.l.google.com [74.125.133.26] I=[122.122.122.122] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes DN="/C=US/ST=California/L=Mountain View/O=Google LLC/CN=mx.google.com" C="250 2.0.0 OK 1529090772 g30-v6si7950367wrd.88 - gsmtp"
2018-06-15 22:26:10 1fTuMK-00CgNR-4v Completed

I am also sending an attachment with the contact info settings from the account. As you can see, the option "Someone logs in to my account." isn't checked, so there shouldn't be any login notifications.

Let me know if you need any other info to get this solved.

Thank you.

 

[cPanelLauren]

Hi @Havri


The mail transaction clearly shows a forwarder from [email protected] ->> [email protected]

Does this user have root/whm access to the server? If so can you let me know what is set at WHM>>Server Contacts>>Edit System Mail Preferences?


Thanks!

 

[Havri]

Hello,

Exactly, it shows entries with [email protected] and [email protected] as the recipients of the mails from
[email protected]. The problem is that this [email protected] mail address isn't put as a contact address in any cPanel forms (cPanel -> Contact Information, WHM>>Server Contacts>>Edit System Mail Preferences, etc.). It is just a simple email account. This account shouldn't get a notification from [email protected] as per current settings.

Regarding the account, this is just a simple cPanel account, not a reseller.

Thank you.

 

[cPanelLauren]

Hi @Havri

Could you please open a ticket using the link in my signature? Once open please update this thread with the ticket ID so that we can follow up here with the outcome.

Thanks!

 

[Havri]

Hello,

I tried to open a ticket but it shows me an error saying that the IP or Support Access ID is not correct. Also, I saw that your license check page does not work. Please see the 2 attachments. The server has a cPanel license.

Thank you.

 

[Infopro]

cPanel System Administration is aware of an issue related to the ticket system and is working to resolve it as quickly as possible. Please check back later.

 

[cPanelLauren]

HI @Havri

I'm so sorry about that, it looks like we had some issues overnight. The issue should be resolved now can you please try again?

Thanks!

 

[Havri]

Hello,

I just did:

Your support request ID: 9768251

Thank you.

 

[cPanelLauren]

Hi @Havri

Thanks! I'm watching that ticket and I've added a note to check this thread for information as well. I'll update here as soon as we know the outcome of the ticket.


Thank you,

 

[Havri]

Hello,

Well, this is a bit embarrassing on my part. I thought that login notifications can only be activated at a cPanel account level, not for each individual email account login.

For those that don't know, you can set a per email account login notifications in -> Email Accounts -> [email protected] -> Access Webmail ->
In the upper right corner click on the email address that is just to the left of the Logout button so that a dropdown menu shows -> Contact Information.

Thank you for your support.

Best regards.

 

[cPanelLauren]

Hi @Havri

Please don't be embarrassed, I think you've helped many others today! Thank you for updating the thread as to the result of the ticket and how to resolve the issue.

Thank you!