The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

After spammer attack emails are all in queue and not delivered

Discussion in 'E-mail Discussions' started by gabrydoc3, Mar 23, 2014.

  1. gabrydoc3

    gabrydoc3 Registered

    Joined:
    Mar 23, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi all,
    I have this problem, exim stop send mail from 2 days, i can receive mail in my main account and now are all in cpanle mail queue manager.
    This a part of mail exim_mainlog

    Code:
    2014-03-23 13:03:38 1WRcZH-0005HM-Jg liberomx1.domain.com [212.52.xx.xx] Connection timed out
    2014-03-23 13:04:48 1WRcZi-0005Yc-U7 liberomx1.domain.com [212.52.xx.xx] Connection timed out
    2014-03-23 13:04:48 1WRcZi-0005Yc-U7 == antonio.sambataro@domain.com R=lookuphost T=remote_smtp defer (110): Connection timed out
    2014-03-23 13:04:58 1WRgz8-0000Ch-57 liberomx3.domain.com [212.52.84.67] Connection timed out
    2014-03-23 13:05:23 1WRg2h-0007zh-4v alt3.gmail-smtp-in.l.google.com [173.194.xx.xx] Connection timed out
    2014-03-23 13:05:25 cwd=/etc/csf 2 args: /usr/sbin/exim -bpc
    2014-03-23 13:05:31 1WRcaY-0005wX-Ci mx3.hotmail.com [65.54.xx.xx] Connection timed out
    2014-03-23 13:05:31 1WRcaY-0005wX-Ci == io-sono-75@domain3.it R=lookuphost T=remote_smtp defer (110): Connection timed out
    2014-03-23 13:05:45 SMTP connection from [89.118.xx.xx]:51282 (TCP/IP connection count = 1)
    2014-03-23 13:05:45 no IP address found for host 89-118-51-30-static.domain3.net (during SMTP connection from [89.118.xx.xx]:51282)
    2014-03-23 13:05:46 1WRcZH-0005HM-Jg liberomx1.domain.com [212.52.xx.xx] Connection timed out
    2014-03-23 13:05:46 1WRcZH-0005HM-Jg == vampirellilith@domain.com R=lookuphost T=remote_smtp defer (110): Connection timed out
    2014-03-23 13:05:48 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
    2014-03-23 13:05:54 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
    2014-03-23 13:06:05 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
    2014-03-23 13:06:22 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
    2014-03-23 13:06:25 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t
    2014-03-23 13:06:25 1WRhAX-00027n-HU <= root@ks208859.domain2.com U=root P=local S=1388 T="lfd on ks208859.domain2.com: blocked 89.118.xx.xx (IT/Italy/89-118-51-30-static.domain3.net)" for root
    2014-03-23 13:06:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WRhAX-00027n-HU
    2014-03-23 13:06:25 1WRhAX-00027n-HU User 0 set for local_delivery transport is on the never_users list
    2014-03-23 13:06:25 1WRhAX-00027n-HU == root@ks208859.domain2.com R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
    2014-03-23 13:06:25 1WRhAX-00027n-HU ** root@ks208859.domain2.com: retry timeout exceeded
    2014-03-23 13:06:25 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1WRhAX-00027n-HU
    2014-03-23 13:06:25 1WRhAX-00027v-MA <= <> R=1WRhAX-00027n-HU U=mailnull P=local S=2245 T="Mail delivery failed: returning message to sender" for root@ks208859.domain2.com
    2014-03-23 13:06:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WRhAX-00027v-MA
    2014-03-23 13:06:25 1WRhAX-00027v-MA User 0 set for local_delivery transport is on the never_users list
    2014-03-23 13:06:25 1WRhAX-00027v-MA == root@ks208859.domain2.com R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
    2014-03-23 13:06:25 1WRhAX-00027v-MA ** root@ks208859.domain2.com: retry timeout exceeded
    2014-03-23 13:06:25 1WRhAX-00027v-MA root@ks208859.domain2.com: error ignored
    2014-03-23 13:06:25 1WRhAX-00027n-HU Completed
    2014-03-23 13:06:25 1WRhAX-00027v-MA Completed
    I tried to put csf in medium protection but still not work.
    I checked if my domain (domain.com) is blacklisted but its ok.
    I dont know whats happened in last 48 hours, before all worked...
    Can you help me please?
     
    #1 gabrydoc3, Mar 23, 2014
    Last edited by a moderator: Mar 23, 2014
  2. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Since you've modified the log file to show false information, it's rather difficult to help you. However, I do see that the IP address 89.118.51.30 is blocked by several blacklists.

    Looking at MX Toolbox Blacklist, I currently see 7 different RBL's. If that's your IP address then that is the cause of the problem.
     
  3. gabrydoc3

    gabrydoc3 Registered

    Joined:
    Mar 23, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for your answer, sorry but i have simply copy and past a part of my exim.log without hide nothing.
    I can paste all if you need for help me.
    I don't undestand one think: my server IP is 94.23.231.116 and you speak about other IP above.
    Anyway i checked now this IP also and i see im in some blacklist.
    Now i try to resolve soon all and thank you again.
     
  4. gabrydoc3

    gabrydoc3 Registered

    Joined:
    Mar 23, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Somebody can help me please? Im not a different user and i pay every month license of cPanel.
    I never post here because fortunately all was good until now.
    Now i asked help about this problem but it seems nobody interest about that...
     
Loading...

Share This Page