The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

1000s of bounced messages

Discussion in 'E-mail Discussions' started by fuzzie, Jun 28, 2007.

  1. fuzzie

    fuzzie Well-Known Member

    Joined:
    Oct 12, 2002
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    I am getting thousands of bounced or failed messages to nobody@domain.com from vivo@vivo.com.br.
    The only way to control it is to stop exim, delete the queue. When I start exim back up, in 30 minutes, the mail is back, bouncing so many I need to do it over again.
    How do I block bounced messages from him, or just plain stop any bounced messages from being delivered?

    Can the user nobody be set to fail or discard?

    Thanks for any help!
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    You need to find the script that sends out SPAM through your server. In addition, login to the WHM >> Server Configuration >> Tweak Settings and check the checkbox next to: "Attempt to prevent pop3 connection floods"
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That WHM setting doesn't have anything to do with bounce emails or any other emails. It simply controls POP3 access to the old, deprecated cppop system.

    fuzzie, you really need to establish whether the bounces are as a result from spam being sent out from your server by looking at the bounces and tracking the headers in the exim_mainlog. If it is coming from your server, then you need to track down the offending script, most likely a compromised PHP script since it's from nobody. I have a tutorial that explains how to track these back here:
    http://www.configserver.com/free/spammers.html

    If the bounces are definitely not as a result of spam going out from your server, then you could simply block the senders email address using an exim ACL, or sticking their mailservers IP address in your firewall.
     
Loading...

Share This Page