I've been getting problems with my server mail over the last few days, and am at a loss to see where the problem is coming from. Nothing appears in my exim_mainlog file. It's blank!
In the maillog file it gives me troubling info, like the following:
Apr 5 07:39:01 server cpanelpop: Login host=xx.xx.xx.xx. ip= email@example.com firstname.lastname@example.org
Apr 5 07:54:40 server cpanelpop: Session Closed host=xx.xx.xx.xx ip= email@example.com firstname.lastname@example.org totalxfer=10833183
I don't know if it's me reading incorrectly or what, but the above appears to indicate transfer of over 10 MILLION mail messages!! Is this correct?
This has been happening for days now. My mail queue has been jammed full, and at the last clear, there were over 49,000 messages clogging up the mail queue. The mail messages are all mail delivery failures. It has caused 2 crashes of the server in 3 days.
I have AFP installed, brute force, roothunter kits and more, and am currently installing (or trying to install!!) mod_security rules.
But I have no idea where these problems are originating. The usernames identified in the maillog and the IP address include many email addresses that are actually MY OWN! Including the one which I posted above.
I can download and upload megabytes of data to and from my server in minutes, such is my connection, so certainly it could cater for the suggested volume. But these events are happening AFTER whenever I LOG OFF from my server, and close my pc down for the night, and I always disconnect it from the mains supply.
Does anybody have any idea what might be going on here, and how I might find a solution to it?