High Ram/CPU usage, unusual mail/messages logs

[knipper]

Hey all..

On one of my older servers I noticed CPU usage going up, and very high RAM usage starting the end of May. For the last sveral days, these have been high.

As I started digging I see named-unamed is generating most of the usage. I can literally watch the /var/log/messages file scroll by, with dozens of lame server messages every couple seconds.

I thought A spammer was trying to use the system, made sure I didn't have an open relay, etc. and all seems OK.

Mail logs don't show anything unusual.... but I see this in WHM mail delivery stats:

Top 50 host destinations by message count
-----------------------------------------

10319 47MB local
811 2957KB mail.customerdomain.com
17 356KB mx01.mail.bellsouth.net
11 225KB mx00.mail.bellsouth.net
9 56KB mx2.hotmail.com

Notice the local number.... awfully high.

It appears I have a "dictionary" style spam attack on one of my domains as well. I am getting thousands of messages like

al@mydomain.com
albert@mydomain.com
alfred@mydomain.com
alma@mydomain.com
almond@mydomain.com

which are all getting sent to :blackhole:

But I am not sure what to do to stop the high resource usage.... is it due to the "dictionary" attack?

Or is someone trying to spam through my server?

Or is this due to recursive lookups? etc.


Can anyone point me the right direction to start?

Thanks in advance.

[Cscarlet]

I'm seeing something familiar just someone is sending an email about rolex's getting bounce backs but I can't seem to find any records that match within the exim logs