WHM: List Largest Emails In An Account With Subject

I recently needed to find the largest emails in various email accounts and share the size and subject. Not if it was a single email account which I had access too there are likely much simpler options using webmail or an email client to get the same outcome.

It looks like this hasn’t been written about before so I pieced together various tutorials to end up with the final solution.

This guide assumes you know what you’re doing on the command line prompt and that you have the permissions to view the files and folders below. It also assumes you have the permissions to go poking around in people’s email accounts, so be sure to ask for that before you start outputing private email subjects from their accounts

The first step is to check you have the following results for a list of files in the chosen CPanel account’s mail folder:

$ls -a /home/[account]/mail

The above should show you a folder for each domain, but hopefully also a symlink for each account. In my case:


The above actually points to example.com/email but we’ll be using it in our code.

This code also expects emails to be stored in files ending with ,Sab or ,RSab or ,S or ,RS so check that too.

So here is the full example which I’ll then break down below. You’ll need to update it to suit your needs:

find /home/[account]/mail/.email\@example_com/ -type f ( -iname "*,Sab" -or -iname "*,RSab" -or -iname "*,S" -or -iname "*,RS" ) -size +1M -exec grep "Subject: " {} \; -printf '%s B - ' | sort -nr | head -10

First we use the find command to list files which match our email file name (end with 4 options) and have a file size of greater than 1M:

find /home/[account]/mail/.email\@example_com/ -type f ( -iname "*,Sab" -or -iname "*,RSab" -or -iname "*,S" -or -iname "*,RS" ) -size +1M

We then trigger an exec on that which will eventually return their subject as part of the output, and also print their file size in bytes (%s) followed by a B and a hyphen with -printf

-exec grep "Subject: " {} \; -printf '%s B - '

We then sort the list:

sort -nr

and finally only return the first 10:

head -10

Setting up Google 2FA using an app not SMS

Google appear to be intentionally hiding the option to use an authenticator app such as Google Authenticator, 1Password and LastPass to store and generate 2FA codes for your Google Account login.

You can use them, but it’s not clear how, and you have to temporarily submit a mobile number you have access to before you’ll find the option available to you.

  • Head to manage your account.
  • Choose to add 2FA
  • Select to do it via SMS
  • Submit your number
  • Enter the code they send you
  • On the next screen select to add an authenticator app
  • Follow the steps and submit the code you can now access
  • View the backup codes and store them somewhere safely
  • Finally you can remove your mobile number from the list of option

So to not use your mobile number and SMS (which is vulnerable to hijacking) you first have to submit your mobile number ¯\_(ツ)_/¯

Command Line creation of DNS ‘A’ Record in AWS Route53

If you need to add a new record to a Route53 hosted Zone it can be clunky to log in, browse to the right place and manually add your record each time.

If you’re already using some elements of aws or eb command line functionality then this might just be a small step for you which simplifies a currently manual process.

The aws route53 tools are far more powerful than I will cover here. You could add multiple records in a single request. You could updated existing records, or even toggle certain records.

Hopefully this article and the links are enough to get you on your way.

Now the guides generally tell you to create and use a .json file to pull in your config when running the command line, but where the command is simple and you might want to document it, or share it, it’s easier if the whole thing is a single line. If you want to use a .json file then check out the AWS docs for that.

My initial need was to add a single new subdomain to a domain which has many records. Rather than log in and add the record each time, now it’s part of a flow of other command line requests and means less context switching. Opening a browser for any reason can lead to distraction.

I am however not adding a standard ‘A’ record. I’m actually pointing to an Application Load Balancer so I’ll show you the differences for that below.

The first thing you’ll need to do is confirm you have aws command line tools set up and with permissions for the account you’ll be making changes for. Confirmed? Continue…

aws route53 list-hosted-zones

Find the relevent zone in the list and make a note of the final part of the Id from the last forward slash.

Now we’re going to CREATE in our examples but you can also DELETE or UPSERT (update if exists, insert otherwise).

You can also CREATE all sorts of other records, but we’ll stick to ‘A’ for now as it’s a pretty popular record to add.

Take the following and replace the hosted zone id with the code part taken from above after the forward slash. Replace the domain name with yours, replace the subdomain with the one you want to add.

aws route53 change-resource-record-sets --hosted-zone-id BD55*****RS2 --change-batch '{"Changes": [{"Action": "CREATE","ResourceRecordSet": {"Name": "example.com","Type":"A","ResourceRecords": [{"Value": "subdomain.example.com"}]}]}'

And then run it. You can optionally add a comment, TTL and other details. See the docs for that.

Hopefully if you got the zone id right and the details in the right place, you’ll now have a new record in your route53. You can check with:

aws route53 list-resource-record-sets --hosted-zone-id BD55*****RS2


If you want to point to an Alias—for example to point to a load balancer—you’ll first need to confirm the details of the loadbalancer to point to.

Here we’re specifically looking for the ‘hosted zone id’ and the ‘DNS Name’.

aws elbv2 describe-load-balancers --region [The Region]

… switch out the region above first. You should then be shown a list of your load balancers. Match the one you need to point to by its code. I actually looked at my existing DNS records to find that using the list-resource-record-sets method above. Then copy the Hosted Zone ID and the DNS Name for it somewhere safe.

The code when an alias is involved contains little more information. In the following you’ll need to replace…

  • the hosted-zone-id with that of your domain
  • the HostedZoneId with that of your load balancer
  • the domain Name
  • the DNSName of your load balancer
  • the true / false value for EvaluateTargetHealth
aws route53 change-resource-record-sets --hosted-zone-id BD55*****RS2 --change-batch '{"Changes": [{"Action": "CREATE","ResourceRecordSet":{"Name": "subdomain.example.com","Type": "A","AliasTarget":{"HostedZoneId":"AC22*****UE7","DNSName": "dualstack.awseb-awseb-Lptg*****fDJ-203*****13.eu-west-1.elb.amazonaws.com","EvaluateTargetHealth": false}}}]}'

Run the above and you’ll be shown basic details about the new record. Again you can run the list-resource-record-sets line above to confirm it’s been created.

Hopefully that’s enough to get you started and you can move on to other options using the official AWS docs. You can also put batches of changes into a .json file if you’d like to CREATE multiple records at a time.

Creating a scheduled Lambda or Lambda Cron

This guide revolves around a basic twitter bot implementation which posts a single tweet to the same twitter account every 6 hours.

It allows any Node script (or other if you fancy doing the work to get PHP/Python etc running) to be triggered on any schedule, from every minute to once every year.

Several steps are involved in getting this all up and running:

  • Get our Twitter auth details
  • Write our bot code
  • Create the Lambda in AWS Console
  • Add Environmental variables to keep our security details safe
  • Test our Lambda function
  • Set up a Cloudwatch trigger to act as the scheduler
  • Confirm the schedule is running as expected

Get our Twitter auth details

Open developer.twitter.com and consider which account you’re going to post tweets to.

You may need to sign up and verify your account. Do all that, or just login.

Once you’re in create a new app. Click to create or view keys / access details and ensure you have an App Token, App Secret, User Secret and User Token. So four hashes in total. Two tokens and two secrets.

Also check that your user details have read and write access so we can post tweet updates.

Continue reading “Creating a scheduled Lambda or Lambda Cron”