Please, can you help me?
They are using my server to send spam. How do I solve this problem?
Thank you,
WhiteBear
At least check the mail queue and delete it if it is huge - more than 1000 emails.
Check WHM settings and set a max each domain can send per hour, remove the formmail and if that does not help - call 911
No, but you could remove permissions for nobody to send mail - that would help.
If load is critical, try to stop the Apache webserver for a little while; that might actually help.
Removing the mailq and looking at what gets there can help you track the spammer - which domain is being used.
Have you turned on SMTP authentication in WHM Service Configuration?
1Bpa4l-0003Pd-4g-H
mailnull 47 12
This is one of the headers used by the SPAMMER:
<>
1090965935 0
-ident mailnull
-received_protocol local
-body_linecount 53
-frozen 1090965935
-localerror
XX
1
BKJPMZWYNRU@yahoo.com
149P Received: from mailnull by server.server.com with local (Exim 4.34)
id 1Bpa4l-0003Pd-4g
for BKJPMZWYNRU@yahoo.com; Tue, 27 Jul 2004 19:05:35 -0300
044 X-Failed-Recipients: usua@server.server.com
031 Auto-Submitted: auto-generated
061F From: Mail Delivery System <Mailer-Daemon@server.server.com>
026T To: BKJPMZWYNRU@yahoo.com
059 Subject: Mail delivery failed: returning message to sender
050I Message-Id: <E1Bpa4l-0003Pd-4g@server.server.com>
038 Date: Tue, 27 Jul 2004 19:05:35 -0300
This is a complete message that is in the mail queue:
1BpZDg-0007XO-A4-H
mailnull 47 12
<>
1090962644 0
-ident mailnull
-received_protocol local
-body_linecount 65
-frozen 1090962644
-localerror
XX
1
bernus07wJHVUP@bsixm.net
152P Received: from mailnull by server.server.com with local (Exim 4.34)
id 1BpZDg-0007XO-A4
for bernus07wJHVUP@bsixm.net; Tue, 27 Jul 2004 18:10:44 -0300
123 X-Failed-Recipients: bernus95@aol.com,
sarah82683@aol.com,
tazehouse@aol.com,
tazeguigui@aol.com,
bernus07@aol.com
031 Auto-Submitted: auto-generated
061F From: Mail Delivery System <Mailer-Daemon@server.server.com>
029T To: bernus07wJHVUP@bsixm.net
059 Subject: Mail delivery failed: returning message to sender
050I Message-Id: <E1BpZDg-0007XO-A4@server.server.com>
038 Date: Tue, 27 Jul 2004 18:10:44 -0300
1BpZDg-0007XO-A4-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
bernus95@aol.com
SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
sarah82683@aol.com
SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
tazehouse@aol.com
SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
tazeguigui@aol.com
SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
bernus07@aol.com
SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
------ This is a copy of the message, including all the headers. ------
Return-path: <bernus07wJHVUP@bsixm.net>
Received: from nobody by server.server.com with local (Exim 4.34)
id 1BpZDg-0007XL-4A; Tue, 27 Jul 2004 18:10:44 -0300
To: bernus07@aol.com,tazeguigui@aol.com,...rnus95@aol.com
Subject: Workplace taking up all your time and need that extra degree?
From: <bernus07wJHVUP@bsixm.net>
X-Mailer: Servico de formulario gratuito - Webmasters Online
Message-Id: <E1BpZDg-0007XL-4A@server.server.com>
Date: Tue, 27 Jul 2004 18:10:44 -0300
recipient = bernus07@aol.com,tazeguigui@aol.com,...rnus95@aol.com+============================================+
subject = Workplace taking up all your time and need that extra degree?+============================================+
email = bernus07wJHVUP@bsixm.net+============================================+
FSvSthSyAx29447 =
It's now possible to Earn Affordable Accredited Degree!
*No Studies
*No Attendance
*No Waiting
*No Examinations
Just a dial-pad away_1-253-369-6717 B4zGCJvIaGu6CIO0woy2kg
Stop.Receivng E-mails geocities.com/jedwardwi/hey
+============================================+
realname = bernus07+============================================+
Thank you,
WhiteBear
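Added example, not part of any post in this thread: a shell sketch that attributes each queued message to the local user that submitted it, reading the `-H`/`-D` spool layout quoted in the post above. For frozen bounces (envelope sender `<>`) it takes the submitter from the `Received: from ... with local` line of the returned copy, which is where `nobody` shows up in the quoted queue entry. The function names, message IDs and `example.com` hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: attribute queued Exim messages to the local user that
# submitted them. Sample spool files below are constructed, not real data.

# Print "<kind>:<user> <count>" per origin, most frequent first.
spool_origins() {
    for h in "$1"/*-H; do
        [ -f "$h" ] || continue
        d="${h%-H}-D"
        sender=$(sed -n '3p' "$h")          # line 3 of -H = envelope sender
        if [ "$sender" = "<>" ] && [ -f "$d" ]; then
            # Bounce: the submitter is in the returned copy's Received: line
            user=$(sed -n 's/^Received: from \([^ ]*\) by .* with local.*/\1/p' "$d" | head -n 1)
            echo "bounce-of:${user:-unknown}"
        else
            # Ordinary queued message: the -ident line names the local user
            user=$(sed -n 's/^-ident //p' "$h" | head -n 1)
            echo "direct:${user:-unknown}"
        fi
    done | sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Build a constructed spool: two bounces of "nobody" mail, one direct message.
make_sample_spool() {
    dir=$(mktemp -d)
    for id in 1AAAAA-000001-AA 1AAAAA-000002-AA; do
        printf '%s-H\nmailnull 47 12\n<>\n1090962644 0\n-ident mailnull\n-frozen 1090962644\n' "$id" > "$dir/$id-H"
        printf '%s-D\nThis message was created automatically by mail delivery software.\nReceived: from nobody by host.example.com with local (Exim 4.34)\n' "$id" > "$dir/$id-D"
    done
    id=1AAAAA-000003-AA
    printf '%s-H\nalice 500 500\n<alice@example.com>\n1090962700 0\n-ident alice\n' "$id" > "$dir/$id-H"
    printf '%s-D\nhello\n' "$id" > "$dir/$id-D"
    echo "$dir"
}

spool=$(make_sample_spool)
spool_origins "$spool"
rm -rf "$spool"
```

A queue dominated by `bounce-of:nobody` points at a web script (such as the form mailer named in the `X-Mailer` header above) rather than an authenticated mailbox.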
Have you tried anything suggested so far? Do you have any of the normal restrictions in place, i.e. user "nobody" allowed to send email, etc.? You can add logging to exim and then tail the mainlog file. Also grep "message ID" /var/log/exim_*
How do I configure SMTP authentication in WHM?
Thank you,
WhiteBear
Assuming you have root access to WHM. Service Configuration>>Exim Configuration Editor>>Verify the existence of email senders
Also in WHM under Server Setup>>Tweak Settings>>Prevent user nobody from sending email. You should also consider limiting the number of emails per hour allowed to be sent.
Last edited by sawbuck; 07-27-2004 at 06:30 PM.
Done. I will watch to see whether the sending of e-mails continues.
Thank you, Sawbuck
WhiteBear
I'm wondering, doesn't limiting the emails per hour allowed to be sent per domain also cause problems with large mailman mailing lists?
It can, but you can adjust it accordingly when you get your spam problem under control. You can also throttle back large lists to only send a certain number per hour.