cPanel Mail Queue and Service Monitoring

The Server Scout cPanel plugin provides essential monitoring capabilities for mail services and critical system components on your cPanel server. This guide will help you leverage these features to maintain server health and quickly respond to potential security issues.

Mail Queue Monitoring

One of the most valuable features of the cPanel plugin is comprehensive mail queue monitoring, which helps you detect compromised accounts and spam outbreaks before they impact your server's reputation.

Understanding Mail Queue Metrics

The plugin tracks two key mail queue metrics:

  • Total messages in queue: Shows the overall volume of queued emails waiting for delivery
  • Top senders: Identifies which accounts are generating the most outbound mail traffic

These metrics are particularly useful for spotting compromised user accounts that may be sending spam, as well as identifying legitimate bulk mailing that might need optimisation.

Interpreting Mail Queue Data

A healthy mail server typically maintains a relatively small queue during normal operation. Sudden spikes in queued messages often indicate:

  • Compromised email accounts sending spam
  • Legitimate bulk mailing campaigns
  • Delivery issues to specific domains
  • Server performance problems

The "top senders" data is especially valuable, as compromised accounts often generate thousands of messages in short periods, making them easy to identify.

Service Status Monitoring

The cPanel plugin continuously monitors essential services that keep your hosting environment running smoothly:

  • httpd/apache: Web server handling HTTP requests
  • exim: Mail transfer agent for sending and receiving email
  • dovecot: IMAP/POP3 server for mail retrieval
  • named/bind: DNS server for domain resolution
  • mysql/mariadb: Database server for web applications
  • postgresql: Alternative database server (if installed)
  • pure-ftpd: FTP server for file transfers
  • cpsrvd: cPanel's main service daemon

The plugin checks these services regularly and reports their status, helping you identify failures before they affect users.

Viewing Plugin Data

To access your cPanel monitoring data:

  1. Log into your Server Scout dashboard
  2. Navigate to the Plugins section in the left sidebar
  3. Select your cPanel server from the list
  4. Review the mail queue statistics and service status information

The interface displays current mail queue volumes, identifies top senders by message count, and shows the operational status of all monitored services with clear indicators for any failures.

Setting Up Alerts

Proactive alerting helps you respond quickly to issues before they escalate:

Mail Queue Alerts

Configure alerts for unusual mail queue activity:

  1. Access the Alerts section in your dashboard
  2. Create a new alert rule for "Mail Queue Size"
  3. Set appropriate thresholds (e.g., alert when queue exceeds 1000 messages)
  4. Choose your notification preferences (email, SMS, or webhook)

Service Failure Alerts

Set up immediate notifications for service outages:

  1. Create alert rules for each critical service
  2. Configure alerts to trigger on service status changes
  3. Set up escalation rules for persistent failures
  4. Test your alert configuration to ensure reliable delivery

Responding to Mail Queue Issues

When you identify suspicious mail activity through queue monitoring:

Quick Response Steps

  1. Identify the source: Review the top senders list to pinpoint problematic accounts
  2. Check recent activity: Look for sudden increases in mail volume from specific users
  3. Investigate further: Examine mail logs for suspicious patterns or destinations

Suspending Compromised Accounts

To quickly suspend a spamming account:

# Suspend the account via WHM or command line
/usr/local/cpanel/bin/whmapi1 suspendacct user=username reason="Compromised account - spam activity"

# Clear the user's mail queue
/usr/sbin/exiqgrep -i -f @suspendeddomain.com | xargs /usr/sbin/exim -Mrm

Additional Mitigation

Consider implementing additional security measures:

  • Enable two-factor authentication for email accounts
  • Implement rate limiting for outbound mail
  • Review and strengthen password policies
  • Monitor for unusual login patterns

Best Practices

  • Review mail queue data daily during peak hours
  • Set conservative alert thresholds initially, then adjust based on your server's normal patterns
  • Document your response procedures for common issues
  • Regularly audit user accounts showing high mail volumes
  • Keep service monitoring alerts enabled for all critical components

By effectively utilising Server Scout's cPanel plugin monitoring features, you'll maintain better server health, protect your mail reputation, and respond more quickly to security incidents.

Frequently Asked Questions

How do I set up mail queue monitoring in ServerScout cPanel plugin?

To access mail queue monitoring, log into your ServerScout dashboard, navigate to the Plugins section in the left sidebar, and select your cPanel server. The interface will display current mail queue volumes, top senders by message count, and service status information automatically once the plugin is installed.

What services does the cPanel plugin monitor?

The cPanel plugin monitors eight essential services: httpd/apache (web server), exim (mail transfer agent), dovecot (IMAP/POP3 server), named/bind (DNS server), mysql/mariadb (database server), postgresql (alternative database), pure-ftpd (FTP server), and cpsrvd (cPanel's main service daemon).

How does mail queue monitoring help detect compromised accounts?

Mail queue monitoring tracks total queued messages and identifies top senders by volume. Compromised accounts typically generate thousands of spam messages in short periods, creating sudden spikes in the mail queue and appearing prominently in the top senders list, making them easy to identify.

Why is my mail queue suddenly showing high volumes?

Sudden mail queue spikes typically indicate compromised email accounts sending spam, legitimate bulk mailing campaigns, delivery issues to specific domains, or server performance problems. Check the top senders list to identify which accounts are generating the most traffic and investigate accordingly.

How do I configure mail queue alerts in ServerScout?

Access the Alerts section in your dashboard, create a new alert rule for 'Mail Queue Size', set appropriate thresholds (such as alerting when the queue exceeds 1000 messages), and choose your notification preferences including email, SMS, or webhook delivery methods.

What should I do when I identify a compromised account?

First, identify the problematic account from the top senders list. Then suspend the account using WHM or command line tools, clear the user's mail queue using exiqgrep and exim commands, and implement additional security measures like two-factor authentication and stronger password policies.

How often does the cPanel plugin check service status?

The cPanel plugin continuously monitors essential services and reports their status regularly. It checks services like httpd, exim, dovecot, named, mysql, postgresql, pure-ftpd, and cpsrvd, providing clear indicators for any failures in the ServerScout dashboard interface.

Was this article helpful?

Related Articles