exim on xxx.xxxxxxxx.com failed

Discussion in 'General Discussion' started by maverick23, Sep 20, 2006.

  1. maverick23

    maverick23 Well-Known Member

    Joined:
    Feb 23, 2005
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    I have tried everything.

    I have done upcp --force
    eximup --force
    reinstalled exim... even changed from stable to current and from current to edge... have gone through all the threads but did not find any solution for my problem...

    Nothing in exim_paniclog.
    Nothing different in exim_main log too..

    Yes, but one thing is there: I have APF and BFD installed on my box

    and every day around 400 IPs get blocked because of being blacklisted in RBLs.

    Can someone suggest what the problem could be....?


    Any ideas????
     
  2. maverick23

    maverick23 Well-Known Member

    Strange that no one has any clue about it :-(
     
  3. Abizer

    Abizer Registered

    Joined:
    Aug 10, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    nasik india
    Very strange. No idea :((
     
  4. maverick23

    maverick23 Well-Known Member

    After looking at /var/log/messages, I was getting messages like:

    Sep 21 18:36:53 nw1 kernel: ** IN_SANITY **IN=eth0 OUT= MAC=00:0d:61:43:75:38:00:0f:34:38:3c:80:08:00 SRC=200.96.209.235 DST=xx.xxx.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=9104 PROTO=TCP SPT=113 DPT=57952 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
    Sep 21 18:40:02 ns1 BFD(13910): {exim} 221.135.226.3 exceeded login failures; executed ban command '/etc/apf/apf -d 221.135.226.3 {bfd.exim}'.
    Sep 21 18:40:08 ns1 BFD(13910): {exim} 222.241.176.73 exceeded login failures; executed ban command '/etc/apf/apf -d 222.241.176.73 {bfd.exim}'.
    Sep 21 18:44:44 nw1 exim: clamd shutdown succeeded
    Sep 21 18:44:44 nw1 exim: exim shutdown failed
    Sep 21 18:44:44 nw1 exim: antirelayd shutdown succeeded
    Sep 21 18:44:45 nw1 exim: spamd shutdown succeeded
    Sep 21 18:44:47 nw1 exim: clamd startup succeeded
    Sep 21 18:44:47 nw1 exim: exim startup succeeded
    Sep 21 18:44:48 nw1 exim: exim startup succeeded
    Sep 21 18:44:48 nw1 exim: antirelayd startup succeeded
    Sep 21 18:44:50 nw1 exim: spamd startup succeeded
    Sep 21 18:44:50 nw1 antirelayd: antirelayd shutdown succeeded
    Sep 21 18:44:51 nw1 antirelayd: antirelayd startup succeeded


    At this point exim was crashing... then I thought maybe I should check my firewall... and then I upgraded the version of APF.. the earlier version of APF was 0.9.5 and now it is 0.9.6...

    and my problem is resolved....

    But I have a new issue now.... my server's IP was getting blacklisted again and again at bl.spamcop.net, so I had to write them a mail asking about the reason.... the reply which I got is given below, which I could not understand.... can someone help me out with what they are trying to refer to??

    Reply from the SpamCop people:

    This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden on, at best, a person not directly benefitting, and, quite likely, a completely innocent party by sending the C/R to the forged "from" address. The sending mailserver which is sending the spam -- voluntarily or involuntarily via a compromised machine -- is not notified of the problem which it should be. The only beneficiary of C/R is the sender, at the cost of inconveniencing everyone else.


    Any suggestions?
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Autoresponder is the culprit, in this case. Many users are using autoresponders to reply to their clients. Since these email addresses get hit with SPAM, autoresponder sends out/responds to these forged email addresses causing your mail server to get blacklisted by SpamCop, SpamHaus and many others. The best way is to disable these autoresponders, which is not possible for many of your clients. To see who is using autoresponder, run this command at the prompt:

    grep autorespond /etc/valiases/*

    Although this is not related to your issue, just in case you need to learn how to disable delayed bounce back messages in exim, go to:
    http://www.farhad.ca/2006/07/27/how-to-disable-delayed-bounce-back-messages-in-exim/
     
  6. cynux

    cynux Well-Known Member

    Joined:
    Jul 30, 2005
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    16

    It's not just auto-responders.

    When a user quota is over limit, all the emails are bounced by exim, rather than rejecting it at the time of delivery... which really sucks! Like it or not.. it is a serious problem... I was blacklisted by SpamCop twice.. and I don't think cPanel is even bothering about it, as it's a big problem.. :rolleyes:
     
  7. maverick23

    maverick23 Well-Known Member

    I am using this server for only my sites and I know there are no autoresponders.... Can it be BoxTrapper? As I have it enabled in most of my accounts....?
     
    #7 maverick23, Sep 22, 2006
    Last edited: Sep 22, 2006
  8. maverick23

    maverick23 Well-Known Member

    Just checked; none of the accounts are over quota....
     
  9. cynux

    cynux Well-Known Member

    Ah.. that message wasn't for you, I posted in the wrong thread.. sorry..
     
  10. cynux

    cynux Well-Known Member


    Like it or not, that is a problem with the way cPanel's mailing system is set up... when cPanel implemented the quota system for email accounts.. they should have implemented a way to reject emails at the time of delivery instead of bouncing them... so you're left to find a way to bounce the emails at the time to reject emails at the time of delivery... so you can use a Perl script to check if the account is 98-99% full.... and if it is.. reject the email...
     
  11. cynux

    cynux Well-Known Member

    a small hint.. use /etc/exim.pl & ACL
     
  12. cnwu

    cnwu Registered

    Joined:
    Sep 22, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    cn
    Test more.

    Yeah! You can do it best. Trust yourself!
     
  13. maverick23

    maverick23 Well-Known Member

    already using it :(
     
  14. cynux

    cynux Well-Known Member

    Use it to check the quota of each user.. if it's 98% used.. reject the email or just defer it... choice is yours.. that'll fix the bounces for over quota accounts....
     
    #14 cynux, Sep 22, 2006
    Last edited: Sep 22, 2006
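
To measure how much of the bounce backscatter discussed in this thread a server really sends, the following added example (not code from any poster or from cPanel) scans Exim main-log text for locally generated bounces (null sender `<>`, `P=local`) that left for a remote host, and pairs each with the failed delivery that triggered it. The log lines, router/transport names and the function names `find_backscatter` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format; IDs, hosts and addresses are made up.
SAMPLE_LOG = """\
2006-09-21 18:40:01 1GQaaa-0001Ab-1A <= spoofed@victim.example H=(pc) [203.0.113.9] P=smtp S=2048
2006-09-21 18:40:02 1GQaaa-0001Ab-1A ** full@hosted.example R=virtual_user T=virtual_userdelivery: mailbox is full
2006-09-21 18:40:02 1GQbbb-0001Ac-2B <= <> R=1GQaaa-0001Ab-1A U=mailnull P=local S=3100
2006-09-21 18:40:02 1GQaaa-0001Ab-1A Completed
2006-09-21 18:40:05 1GQbbb-0001Ac-2B => spoofed@victim.example R=lookuphost T=remote_smtp H=mx.victim.example [198.51.100.7]
2006-09-21 18:40:05 1GQbbb-0001Ac-2B Completed
2006-09-21 18:41:00 1GQccc-0001Ad-3C <= friend@partner.example H=mail.partner.example [192.0.2.25] P=esmtp S=900
2006-09-21 18:41:01 1GQccc-0001Ad-3C => bob <bob@hosted.example> R=virtual_user T=virtual_userdelivery
2006-09-21 18:41:01 1GQccc-0001Ad-3C Completed
"""

# date, time, message id, then one of Exim's arrival/delivery/failure/deferral flags
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->|\*\*|==) (?P<rest>.*)$")

def find_backscatter(log_text):
    """Return (bounce_id, parent_id, recipient, remote_host, reason) per remote bounce."""
    failures = {}  # parent message id -> reason from its ** (failed delivery) line
    bounces = {}   # bounce message id -> id of the message that caused it
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mid, flag, rest = m.group("id", "flag", "rest")
        if flag == "**":
            failures[mid] = rest.split(": ", 1)[-1]
        elif flag == "<=" and rest.startswith("<> ") and " P=local" in rest:
            ref = re.search(r"\bR=(\S+)", rest)  # R= on a bounce names the parent message
            if ref:
                bounces[mid] = ref.group(1)
        elif flag in ("=>", "->") and mid in bounces:
            host = re.search(r"\bH=(\S+) \[[^\]]+\]", rest)
            if host:  # H= present: the bounce was handed to a remote server
                parent = bounces[mid]
                hits.append((mid, parent, rest.split()[0], host.group(1),
                             failures.get(parent, "unknown")))
    return hits

def summarize(hits):
    """Count remote bounces per triggering failure reason."""
    return Counter(reason for *_, reason in hits)

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print(hit)
```

Auto-replies sent with a non-empty envelope sender are not matched by this check; it only counts delivery-failure bounces.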