EXIM killing server Load 100+

Discussion in 'General Discussion' started by Shadeaux, Nov 22, 2006.

  1. Shadeaux

    I have been forced to stop the exim service. I have ClamAV and Spam Assassin installed. Apparently, one of my domains is being SPAM'd with a super high volume. The second I restart the EXIM service, the server load goes from 0.3 to 150!! It goes thru the startup process, and once Antirelayd starts, things slow to a standstill, then, after about 4 minutes of waiting, spamd starts, then it's done. But the server load climbs and stays at this high level. I have tried to add a setting in the antivirus.exim file, but that did no good. I have tried to suspend the account in question, that did not help either. The only thing that works is to shut down exim. I really need help here. How do I stop this SPAM, or at least kill it once it hits the server?
     
  2. forlinuxsupport

    Change that domain's "default address" - i.e. the catchall - to :fail:

    That will stop any spam and bogus email addresses.

    Set up all the email addresses you need on that domain.
     
  3. mctDarren

  4. AndyReed

    If you have a spammer in-house, the best solution is to track down and to eliminate their script.
     
  5. mctDarren

    Great advice, however Shadeaux has pointed out that the problem is incoming spam, not outgoing spam. Shadeaux, in your logs can you see if the spam is consistently from the same IP range? Perhaps you can either (a) ban the lot in your firewall or (b) talk to your DC about null routing traffic to you from them. If it's from a wide range your only solution will be to suspend the account and see if you can get the dictionary attack script to work its magic.

    [sneaky side note] I'm wondering what setting the MX for that given domain to 127.0.0.1 would do - would it push the connection back at the spamming machine, thus nulling traffic? It's early, I was up late and have had no coffee... anyone else think this might be a backhanded way to solve this? :)

    [humble side note] I also just noticed this post is a month old with no reply from the OP. I need to check dates more often...
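
The log check suggested in the post above (is the rejected mail consistently from the same IP range?), as an added example that is not part of the original thread. The log lines are constructed in the style of Exim's main log, and the function names and the domain `victim.example` are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines in the style of Exim's main log (not from the thread).
SAMPLE_LOG = """\
2006-11-22 09:14:01 H=(mail.example.net) [203.0.113.15] F=<a@example.net> rejected RCPT <sales1@victim.example>: No such user here
2006-11-22 09:14:02 H=(mail.example.net) [203.0.113.77] F=<b@example.net> rejected RCPT <info9@victim.example>: No such user here
2006-11-22 09:14:02 H=(mail.example.net) [203.0.113.15] F=<c@example.net> rejected RCPT <admin3@victim.example>: No such user here
2006-11-22 09:14:03 H=(host.example.com) [198.51.100.9] F=<d@example.com> rejected RCPT <joe@victim.example>: No such user here
2006-11-22 09:14:04 H=(x.example.org) [192.0.2.4] F=<e@example.org> rejected RCPT <bob@other.example>: No such user here
2006-11-22 09:14:05 1GmAbC-0003xY-Qr <= bob@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2211
"""

# Remote address in brackets, later followed by a rejected recipient on the same line.
REJECT_RE = re.compile(
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\](?::\d+)?\s.*rejected RCPT <[^>@]+@([^>]+)>"
)

def rejected_by_range(log_text, domain, prefix=24):
    """Count rejected recipients for `domain`, grouped by source network."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or m.group(2).lower() != domain.lower():
            continue
        try:
            net = ip_network(f"{m.group(1)}/{prefix}", strict=False)
        except ValueError:
            continue  # malformed address in the log line, skip it
        counts[str(net)] += 1
    return counts

def concentrated(counts, share=0.5):
    """Networks that account for at least `share` of all rejections."""
    total = sum(counts.values())
    return [(net, n) for net, n in counts.most_common()
            if total and n / total >= share]

if __name__ == "__main__":
    counts = rejected_by_range(SAMPLE_LOG, "victim.example")
    for net, n in counts.most_common():
        print(f"{n:6d}  {net}")
    # A short list here means a firewall ban or null route covers most of it;
    # an empty list means the sources are spread over a wide range.
    print("concentrated:", concentrated(counts))
```
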
     
  6. AndyReed

    This is not true. You need to read the posting one more time. It is not clear whether it is incoming or outgoing.

    I think you should drink your coffee before responding :rolleyes:
     
  7. mctDarren

    Wowee, Andy. Hostile today? The person says in the very first sentence of the post that one of their domains is being spammed at a very high volume. Am I giving too much credit to think they might know the difference between incoming and outgoing mail? Maybe. But he says he suspended the account, which would stop any offending scripts from running.... :rolleyes:
     