Email Delivery Failure Messages

Hello,

This usually occurs when an email is sent from a PHP script that doesn't use SMTP authentication, the return path is set to the mentioned email, if there is some kind of bounce back or automated reply, it will go to that returnpath which doesn't exist and will just sit in your mail queue until its unfrozen and removed. If you see lots of these, it could be an indication of a malicious script sending out spam. You can trace them in SSH using:

Code:

# head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'

Either way, its always best to configure the script to send out using SMTP authentication, it usually results in better delivery in terms of ending up in spam, etc.