After spammer attack emails are all in queue and not delivered

gabrydoc3

Registered
Mar 23, 2014
3
0
1
cPanel Access Level
Root Administrator
Hi all,
I have this problem, exim stop send mail from 2 days, i can receive mail in my main account and now are all in cpanle mail queue manager.
This a part of mail exim_mainlog

Code:
2014-03-23 13:03:38 1WRcZH-0005HM-Jg liberomx1.domain.com [212.52.xx.xx] Connection timed out
2014-03-23 13:04:48 1WRcZi-0005Yc-U7 liberomx1.domain.com [212.52.xx.xx] Connection timed out
2014-03-23 13:04:48 1WRcZi-0005Yc-U7 == [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out
2014-03-23 13:04:58 1WRgz8-0000Ch-57 liberomx3.domain.com [212.52.84.67] Connection timed out
2014-03-23 13:05:23 1WRg2h-0007zh-4v alt3.gmail-smtp-in.l.google.com [173.194.xx.xx] Connection timed out
2014-03-23 13:05:25 cwd=/etc/csf 2 args: /usr/sbin/exim -bpc
2014-03-23 13:05:31 1WRcaY-0005wX-Ci mx3.hotmail.com [65.54.xx.xx] Connection timed out
2014-03-23 13:05:31 1WRcaY-0005wX-Ci == [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out
2014-03-23 13:05:45 SMTP connection from [89.118.xx.xx]:51282 (TCP/IP connection count = 1)
2014-03-23 13:05:45 no IP address found for host 89-118-51-30-static.domain3.net (during SMTP connection from [89.118.xx.xx]:51282)
2014-03-23 13:05:46 1WRcZH-0005HM-Jg liberomx1.domain.com [212.52.xx.xx] Connection timed out
2014-03-23 13:05:46 1WRcZH-0005HM-Jg == [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out
2014-03-23 13:05:48 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:05:54 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:06:05 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:06:22 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:06:25 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t
2014-03-23 13:06:25 1WRhAX-00027n-HU <= [email protected] U=root P=local S=1388 T="lfd on ks208859.domain2.com: blocked 89.118.xx.xx (IT/Italy/89-118-51-30-static.domain3.net)" for root
2014-03-23 13:06:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WRhAX-00027n-HU
2014-03-23 13:06:25 1WRhAX-00027n-HU User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027n-HU == [email protected] R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027n-HU ** [email protected]: retry timeout exceeded
2014-03-23 13:06:25 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1WRhAX-00027n-HU
2014-03-23 13:06:25 1WRhAX-00027v-MA <= <> R=1WRhAX-00027n-HU U=mailnull P=local S=2245 T="Mail delivery failed: returning message to sender" for [email protected]
2014-03-23 13:06:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WRhAX-00027v-MA
2014-03-23 13:06:25 1WRhAX-00027v-MA User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027v-MA == [email protected] R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027v-MA ** [email protected]: retry timeout exceeded
2014-03-23 13:06:25 1WRhAX-00027v-MA [email protected]: error ignored
2014-03-23 13:06:25 1WRhAX-00027n-HU Completed
2014-03-23 13:06:25 1WRhAX-00027v-MA Completed
I tried to put csf in medium protection but still not work.
I checked if my domain (domain.com) is blacklisted but its ok.
I dont know whats happened in last 48 hours, before all worked...
Can you help me please?
 
Last edited by a moderator:

cPanelPeter

Technical Analyst III
Staff member
Sep 23, 2013
575
21
143
cPanel Access Level
Root Administrator
Twitter
Hello,

Since you've modified the log file to show false information, it's rather difficult to help you. However, I do see that the IP address 89.118.51.30 is blocked by several blacklists.

Looking at MX Toolbox Blacklist, I currently see 7 different RBL's. If that's your IP address then that is the cause of the problem.
 

gabrydoc3

Registered
Mar 23, 2014
3
0
1
cPanel Access Level
Root Administrator
Thank you for your answer, sorry but i have simply copy and past a part of my exim.log without hide nothing.
I can paste all if you need for help me.
I don't undestand one think: my server IP is 94.23.231.116 and you speak about other IP above.
Anyway i checked now this IP also and i see im in some blacklist.
Now i try to resolve soon all and thank you again.
 

gabrydoc3

Registered
Mar 23, 2014
3
0
1
cPanel Access Level
Root Administrator
Somebody can help me please? Im not a different user and i pay every month license of cPanel.
I never post here because fortunately all was good until now.
Now i asked help about this problem but it seems nobody interest about that...