The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

exim going crazy, high server load

Discussion in 'General Discussion' started by horrighs, Apr 13, 2004.

  1. horrighs

    horrighs Well-Known Member

    Joined:
    Mar 8, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    I am chasing my tail here and was hoping someone could help me.

    My Exim is freaking out. its opening hundredes of extra connections here is the top of top:

    08:21:23 up 1 day, 8:21, 2 users, load average: 375.31, 362.00, 300.46
    702 processes: 698 sleeping, 2 running, 0 zombie, 2 stopped
    CPU states: cpu user nice system irq softirq iowait idle
    total 8.3% 0.0% 75.8% 0.0% 0.1% 14.9% 0.5%
    cpu00 9.7% 0.0% 77.6% 0.0% 0.1% 12.0% 0.3%
    cpu01 7.8% 0.0% 75.6% 0.0% 0.0% 16.4% 0.0%
    cpu02 6.5% 0.0% 74.9% 0.0% 0.0% 16.8% 1.6%
    cpu03 9.3% 0.0% 75.3% 0.3% 0.3% 14.4% 0.1%
    Mem: 1028484k av, 997464k used, 31020k free, 0k shrd, 49548k buff
    552620k actv, 70204k in_d, 13800k in_c
    Swap: 2048276k av, 144768k used, 1903508k free 133080k cached


    of the 702 process like 600 would be exim related, some sendmail. I am guessing this is some type of user either spamming or sending alot of mail but how can i track it down? Looking over the logs there is not one secific person getting/sending crazy amounts of mail that i can see.
     
  2. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Although I'm not sure why you say the problem is Exim, you definitely have a problem. I'm surprized the Server is even operating at such a high load -- some services are probably very slow or not working at all.

    Your best bet is to reboot the Server to bring things back to managable then have a look at your settings for Apache, mySQL, and WHM, for how many eMails are allowed to be sent per hour.

    I've seen other Servers with high loads like this and also noticed they, like you, run IRC. I would take a guess and say that could be the problem, if not mySQL and/or some Perl scripts.
     
  3. horrighs

    horrighs Well-Known Member

    Joined:
    Mar 8, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    I dont run IRC, and yes the server is quite slow, it still is resopoding however...

    I dont see that we are sending alot of messages per hour but how can i tell?

    I did have another server that php mail() command seemed to be leaving exim/sendmail open but all i did was edit the php.ini to /dev/null instead of the correct path to sendmail. I did that on this box to no luck.

    Mysql doesnt look to bad, but how can i track down a bad perl script or something? i guess how i can get a list of what userid is sending these messages? that way i could disable offending account at least.
     
  4. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Did you look at the exim logs?

    cd /var/log/exim

    tail -f mainlog

    Also, look at the Apache Status in WHM to give you an idea which site may be using a perl script.
     
  5. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    What kernel and OS are you running on?
     
  6. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Also, what made you so sure it is Exim that is causing such problems? Do you have Mailscanner installed and spam filter enabled?
     
  7. horrighs

    horrighs Well-Known Member

    Joined:
    Mar 8, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    I am on:

    Linux 2.4.21-4.0.1.ELsmp #1 SMP Thu Oct 23 01:27:36 EDT 2003 i686 i686 i386 GNU/Linux

    I am assuming its Exim as that is what is hanging up with hundreds of extra processes.

    Steve
     
  8. daWeazy

    daWeazy Member

    Joined:
    Jan 1, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    I have been fighting this issues ever few days.. I think what is going on is that a spammer is flooding the hell out of the smtp service and exim starts to fork proccesses and never stops forking. My exim_reject log just for today is 3megs.. Everytime this problem happens my exim_mainlog and exim_reject log are massive in size. I have setup every spam blocking feature know to man for exim/spamassassin.

    What I am doing now is manually iptables/firewalling every address I see in the exim_rejectlog. I am hoping this will help a bit. This issue is due to a spammer flooding your smtp server from multiple hosts. Let me know what you guys think
     
  9. horrighs

    horrighs Well-Known Member

    Joined:
    Mar 8, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    check your /etc/valises folder

    do a ' grep fail * '

    if anyone put a fail in without the two colons like :fail: it could be your problem... or if not fail, :blackhole:

    Steve
     
  10. daWeazy

    daWeazy Member

    Joined:
    Jan 1, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    nah I dont think this is the issue but I will watch it.
     
  11. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    hi there,
    i have the same problem:

    http://www.webhostingtalk.com/showthread.php?threadid=261118

    and:
    http://www.webhostingtalk.com/showthread.php?threadid=261804
    ----
    tried to disable spam assassin in WHM (suppose it handle a lot of spams and and generate high server load) but it didn't help.
    Then i Enable "Prevent the user 'nobody' from sending out mail to remote addresses" in WHM -> Tweak Settings
    Now the server load is going dow at a normal Level. However i can still finde about 5000 mails in queue as the following below. I think there is installed some php script sending spam for server....


    -----
    1BEtg6-00087C-Pc-H
    mailnull 47 12
    <>
    1082223150 0
    -ident mailnull
    -received_protocol local
    -body_linecount 597
    -frozen 1082267923
    -localerror
    XX
    1
    03618@host.wproperu.com

    151P Received: from mailnull by myserver.domain.com with local (Exim 4.24)
    id 1BEtg6-00087C-Pc
    for 03618@host.wproperu.com; Sat, 17 Apr 2004 19:32:30 +0200
    041 X-Failed-Recipients: u@myserver.domain.com
    031 Auto-Submitted: auto-generated
    061F Wrom: SQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBO
    028T To: 03618@host.wproperu.com
    059 Subject: Mail delivery failed: returning message to sender
    050I Message-Id: <E1BEtg6-00087C-Pc@myserver.domain.com>
    038 Date: Sat, 17 Apr 2004 19:32:30 +0200


    1BEtg6-00087C-Pc-D
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    u@myserver.domain.com
    Unrouteable address

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <03618@host.wproperu.com>
    Received: from [64.76.72.236] (helo=myserver.domain.com)
    by myserver.domain.com with esmtp (Exim 4.24)
    id 1BEtg3-00086b-MK
    for u@myserver.domain.com; Sat, 17 Apr 2004 19:32:27 +0200
    Wrom: HMKHJYFMYXOEAIJJPHSCRTN
    To: u@myserver.domain.com
    Subject: Re: Old photos
    Date: Thu, 17 Apr 2003 12:32:57 -0500
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
    X-Priority: 3
    X-MSMail-Priority: Normal
    Message-Id: <E1BEtg3-00086b-MK@myserver.domain.com>

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0016----=_NextPart_000_0016
    Content-Type: text/plain;
    charset="Windows-1252"
    Content-Transfer-Encoding: 7bit

    Greetings from france,

    your friend.


    ------=_NextPart_000_0016----=_NextPart_000_0016
    Content-Type: application/octet-stream;
    name="old_photos_u.scr"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="old_photos_u.scr"
    ----
     
  12. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    afther a few days i can say this has NOT solved the problem.... so i am still fighting against this problem.. Has anyone found a solution?
     
  13. Sabaote

    Sabaote Well-Known Member

    Joined:
    Dec 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Ribeirao Preto, Brazil
    I'm having the same problema..
    Im my case.. the load is between 60% and 99%

    i'm crazy.. i can't find nothing for help-me...
    if somebody knows how to fix.. please..

    thanks!
     
  14. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Check the mailscanner and clamscan... On my the high load is becaose those two...
     
  15. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    mailscanner and clamscan ? what does this exactly and can those services ben disable??
     
  16. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    MailScanner & ClamScan are antivirus software, to stop this try killall -9 MailScan and to run - search for the path mailscanner in your system and in mailscanner/bin try ./check_mailscanner.

    Of course, if you have them installed :p
     
  17. Sabaote

    Sabaote Well-Known Member

    Joined:
    Dec 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Ribeirao Preto, Brazil
    I uninstall this 2.. The MailScanner and Stop de Clamav.. cause they was load so much my server...

    And the Exim crash everytime..

    Now.. the exim continue with load between 40% and 99%
    ...
     
  18. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    So my advice - better install them both now, wget the newest versions of MailScanner and ClamAV, but this is very strange that after uninstallign the exim gone creazy... Maybe check its configuration in /etc/exim ?
     
  19. mike_r

    mike_r Well-Known Member

    Joined:
    Nov 26, 2002
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Well if you are hosting a forum with a lot of members, if they massmail their members then exim will generate very high loads and its nothing strage, its just normal.

    I had a forum with only 4k members and when I mass mailed them the load rised from 0.16 and went upto 9, then i killed httpd and mysql and started after 5 mins. Then it was fine.
     
  20. WreckRman2

    WreckRman2 Member

    Joined:
    Nov 25, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Indianapolis, IN
    I too am having the same typr of problems and the mail queue just continues to pile up. This afternoon I had more than 60000 emails in the queue.
     
Loading...

Share This Page