exim on xxx.xxxxxxxx.com failed

maverick23

Well-Known Member
Feb 23, 2005
92
0
156
cPanel Access Level
DataCenter Provider
I have tried everything

I have done upcp --force
eximup --force
reinstalled exim... even changed from stable to current and from current to edge... have gone through all the threads but did not find any solution for my problem...

nothing in exim_paniclog
nothing different in exim_main log too..

Yes, but one thing is that I have APF and BFD installed on my box

and every day around 400 IPs get blocked cuz of being blacklisted in RBLs

Can someone suggest what the problem can be....?


any ideas????
 

Abizer

Registered
Aug 10, 2003
3
0
151
nasik india
Very strange. No idea :((
 

maverick23

After looking at /var/log/messages I was getting messages like:

Sep 21 18:36:53 nw1 kernel: ** IN_SANITY **IN=eth0 OUT= MAC=00:0d:61:43:75:38:00:0f:34:38:3c:80:08:00 SRC=200.96.209.235 DST=xx.xxx.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=9104 PROTO=TCP SPT=113 DPT=57952 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Sep 21 18:40:02 ns1 BFD(13910): {exim} 221.135.226.3 exceeded login failures; executed ban command '/etc/apf/apf -d 221.135.226.3 {bfd.exim}'.
Sep 21 18:40:08 ns1 BFD(13910): {exim} 222.241.176.73 exceeded login failures; executed ban command '/etc/apf/apf -d 222.241.176.73 {bfd.exim}'.
Sep 21 18:44:44 nw1 exim: clamd shutdown succeeded
Sep 21 18:44:44 nw1 exim: exim shutdown failed
Sep 21 18:44:44 nw1 exim: antirelayd shutdown succeeded
Sep 21 18:44:45 nw1 exim: spamd shutdown succeeded
Sep 21 18:44:47 nw1 exim: clamd startup succeeded
Sep 21 18:44:47 nw1 exim: exim startup succeeded
Sep 21 18:44:48 nw1 exim: exim startup succeeded
Sep 21 18:44:48 nw1 exim: antirelayd startup succeeded
Sep 21 18:44:50 nw1 exim: spamd startup succeeded
Sep 21 18:44:50 nw1 antirelayd: antirelayd shutdown succeeded
Sep 21 18:44:51 nw1 antirelayd: antirelayd startup succeeded


At this point exim was crashing... then I thought maybe I should check my firewall... and then I upgraded the version of APF.. the earlier version of APF was 0.9.5 and now it is 0.9.6...

and my problem is resolved....

But I have a new issue now.... my server's IP was getting blacklisted again and again at bl.spamcop.net, then I had to write them a mail asking about the reason.... the reply which I got is given below, which I could not understand.... can someone help me out with what they are trying to refer to??

Reply from Spamcop People

This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden on, at best, a person not directly benefitting, and, quite likely, a completely innocent party by sending the C/R to the forged "from" address. The sending mailserver which is sending the spam -- voluntarily or involuntarily via a compromised machine -- is not notified of the problem which it should be. The only beneficiary of C/R is the sender, at the cost of inconveniencing everyone else.


Any suggestions?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
maverick23 said:
Reply from Spamcop People

This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden
Autoresponder is the culprit, in this case. Many users are using autoresponders to reply to their clients. Since these email addresses get hit with SPAM, autoresponder sends out/responds to these forged email addresses causing your mail server to get blacklisted by SpamCop, SpamHaus and many others. The best way is to disable these autoresponders, which is not possible for many of your clients. To see who is using autoresponder, run this command at the prompt:

grep autorespond /etc/valiases/*

Although this is not related to your issue, but just in case you need to learn how to disable delayed bounce back messages in exim, go to:
http://www.farhad.ca/2006/07/27/how-to-disable-delayed-bounce-back-messages-in-exim/
 

cynux

Well-Known Member
Jul 30, 2005
113
0
166
AndyReed said:
Autoresponder is the culprit, in this case. Many users are using autoresponders to reply to their clients. Since these email addresses get hit with SPAM, autoresponder sends out/responds to these forged email addresses causing your mail server to get blacklisted by SpamCop, SpamHaus and many others. The best way is to disable these autoresponders, which is not possible for many of your clients. To see who is using autoresponder, run this command at the prompt:

grep autorespond /etc/valiases/*

Although this is not related to your issue, but just in case you need to learn how to disable delayed bounce back messages in exim, go to:
http://www.farhad.ca/2006/07/27/how-to-disable-delayed-bounce-back-messages-in-exim/

It's not just auto-responders.

When a user quota is over limit, all the emails are bounced by exim, rather than rejecting them at the time of delivery... which really sucks! Like it or not.. it is a serious problem... I was blacklisted by SpamCop twice.. and I don't think cPanel is even bothering about it, as it's a big problem.. :rolleyes:
 

maverick23

I am using this server for only my sites and I know there are no autoresponders.... can it be BoxTrapper? As I have it enabled in most of my accounts....?
 

cynux

maverick23 said:
Reply from Spamcop People

This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden on, at best, a person not directly benefitting, and, quite likely, a completely innocent party by sending the C/R to the forged "from" address. The sending mailserver which is sending the spam -- voluntarily or involuntarily via a compromised machine -- is not notified of the problem which it should be. The only beneficiary of C/R is the sender, at the cost of inconveniencing everyone else.


Any suggestions?

Like it or not, that is a problem with the way cPanel's mailing system is set up... when cPanel implemented the quota system for email accounts.. they should have implemented a way to reject emails at the time of delivery instead of bouncing them... so you're left to find a way to bounce the emails at the time to reject emails at the time of delivery... so you can use a perl script to check if the account is 98-99% full.... and if it is.. reject the email...
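
Added example, not part of any post in this thread: one way to measure the backscatter discussed above is to walk the Exim main log, find bounces the server generated itself (null sender `<>`, `P=local`, with an `R=` reference to the failed message) and list the remote addresses they were sent to along with the reason the original delivery failed. The log lines, addresses and the router/transport names `virtual_user`, `lookuphost` and `remote_smtp` are constructed assumptions; adjust them to the local Exim configuration.

```python
import re
from collections import Counter

# Constructed lines in Exim main-log style (not taken from the thread).
SAMPLE_LOG = """\
2006-09-21 18:40:01 1GQaaa-0001aa-AA <= a@forged.example H=(x) [192.0.2.10] P=smtp S=2100
2006-09-21 18:40:02 1GQaaa-0001aa-AA ** bob@hosted.example R=virtual_user T=virtual_userdelivery: mailbox is full
2006-09-21 18:40:02 1GQbbb-0001bb-BB <= <> R=1GQaaa-0001aa-AA U=mailnull P=local S=3300
2006-09-21 18:40:03 1GQbbb-0001bb-BB => a@forged.example R=lookuphost T=remote_smtp H=mx.forged.example [198.51.100.5]
2006-09-21 18:41:10 1GQccc-0001cc-CC <= <> H=mx.remote.example [203.0.113.7] P=esmtp S=900
2006-09-21 18:41:11 1GQccc-0001cc-CC => carol <carol@hosted.example> R=virtual_user T=virtual_userdelivery
2006-09-21 18:42:00 1GQddd-0001dd-DD <= b@victim.example H=(y) [192.0.2.11] P=smtp S=1800
2006-09-21 18:42:01 1GQddd-0001dd-DD ** amy@hosted.example R=virtual_user T=virtual_userdelivery: mailbox is full
2006-09-21 18:42:01 1GQeee-0001ee-EE <= <> R=1GQddd-0001dd-DD U=mailnull P=local S=3100
2006-09-21 18:42:02 1GQeee-0001ee-EE => b@victim.example R=lookuphost T=remote_smtp H=mx.victim.example [198.51.100.9]
"""

# date, time, message id, flag (<= arrival, => delivery, ** failure), address, rest
ENTRY = re.compile(r"^\S+ \S+ (\S+) (<=|=>|\*\*) (\S+)(.*)$")


def find_backscatter(log_text):
    """Return [(remote_recipient, failure_reason)] for locally generated bounces."""
    failed = {}     # original message id -> reason its delivery failed
    bounce_of = {}  # bounce message id -> id of the message it reports on
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        msgid, flag, addr, rest = m.groups()
        if flag == "**":
            failed[msgid] = rest.split(": ", 1)[1] if ": " in rest else "unknown"
        elif flag == "<=" and addr == "<>" and " P=local" in rest:
            ref = re.search(r" R=(\S+)", rest)  # the message this bounce is about
            if ref:
                bounce_of[msgid] = ref.group(1)
        elif flag == "=>" and msgid in bounce_of and "T=remote_smtp" in rest:
            hits.append((addr, failed.get(bounce_of[msgid], "unknown")))
    return hits


def summarize(hits):
    """Count outbound bounces per failure reason."""
    return Counter(reason for _, reason in hits)


if __name__ == "__main__":
    for reason, count in summarize(find_backscatter(SAMPLE_LOG)).items():
        print(f"{count} bounce(s) sent to remote addresses: {reason}")
```

The bounce that arrived from a remote host (`P=esmtp`) is ignored; only bounces this server created and then delivered off-box are counted, which is the traffic a blacklist operator sees.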