exim on xxx.xxxxxxxx.com failed

maverick23

Well-Known Member
Feb 23, 2005
92
0
156
cPanel Access Level
DataCenter Provider
I have tried everything

i have done upcp --force
eximup--force
reinstalled exim... even changed from stable to current and from current to edge... have gone through all the threads but did not find any solution for my problem...

nothing in exim_paniclog
nothing different in exim_main log too..

Yes but one thing is there that i have apf and bfd installed on my box

and everyday around 400 Ip's get blocked cuz of being blacklisted in RBL's

can some one suggest me what can be the problem....?


any ideas????
 

Abizer

Registered
Aug 10, 2003
3
0
151
nasik india
Very stange No idea :((
 

maverick23

Well-Known Member
Feb 23, 2005
92
0
156
cPanel Access Level
DataCenter Provider
After looking at the /var/log/messages i was getting messages like:-

Sep 21 18:36:53 nw1 kernel: ** IN_SANITY **IN=eth0 OUT= MAC=00:0d:61:43:75:38:00:0f:34:38:3c:8
0:08:00 SRC=200.96.209.235 DST=xx.xxx.xxx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=9104 PROTO=TC
P SPT=113 DPT=57952 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
Sep 21 18:40:02 ns1 BFD(13910): {exim} 221.135.226.3 exceeded login failures; executed ban com
mand '/etc/apf/apf -d 221.135.226.3 {bfd.exim}'.
Sep 21 18:40:08 ns1 BFD(13910): {exim} 222.241.176.73 exceeded login failures; executed ban co
mmand '/etc/apf/apf -d 222.241.176.73 {bfd.exim}'.
Sep 21 18:44:44 nw1 exim: clamd shutdown succeeded
Sep 21 18:44:44 nw1 exim: exim shutdown failed
Sep 21 18:44:44 nw1 exim: antirelayd shutdown succeeded
Sep 21 18:44:45 nw1 exim: spamd shutdown succeeded
Sep 21 18:44:47 nw1 exim: clamd startup succeeded
Sep 21 18:44:47 nw1 exim: exim startup succeeded
Sep 21 18:44:48 nw1 exim: exim startup succeeded
Sep 21 18:44:48 nw1 exim: antirelayd startup succeeded
Sep 21 18:44:50 nw1 exim: spamd startup succeeded
Sep 21 18:44:50 nw1 antirelayd: antirelayd shutdown succeeded
Sep 21 18:44:51 nw1 antirelayd: antirelayd startup succeeded


at this point the exim was crashing... then i thought may be i should check my firewall... and then i upgraded the version of APF..earlier version of APF was 0.9.5 and now is 0.9.6...

and my prolem is resolved....

but i have a new issue now....my servers IP was getting blacklisted again and again at bl.spamcop.net then i had to write them a mail for asking about the reason.... the reply which i got is given below which i could not understand.... can some one help me out in this as in what they are trying to refer to??

Reply from Spamcop People

This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden on, at best, a person not directly benefitting, and, quite likely, a completely innocent party by sending the C/R to the forged "from" address. The sending mailserver which is sending the spam -- voluntarily or involuntarily via a compromised machine -- is not notified of the problem which it should be. The only beneficiary of C/R is the sender, at the cost of inconveniencing everyone else.


Any suggestions?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
maverick23 said:
Reply from Spamcop People

This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden
Autoresponder is the culprit, in this case. Many users are using autoresponders to reply to their clients. Since these email addresses get hit with SPAM, autoresponder sends out/responds to these forged email addresses causing your mail server to get blacklisted by SpamCop, SpamHaus and many others. The best way is to disable these autoresponders, which is not possible for many of your clients. To see who is using autoresponder, run this command at the prompt:

grep autorespond /etc/valiases/*

Although this is not related to your issue, but just in case you need to learn how to disable delayed bounce back messages in exim, go to:
http://www.farhad.ca/2006/07/27/how-to-disable-delayed-bounce-back-messages-in-exim/
 

cynux

Well-Known Member
Jul 30, 2005
113
0
166
AndyReed said:
Autoresponder is the culprit, in this case. Many users are using autoresponders to reply to their clients. Since these email addresses get hit with SPAM, autoresponder sends out/responds to these forged email addresses causing your mail server to get blacklisted by SpamCop, SpamHaus and many others. The best way is to disable these autoresponders, which is not possible for many of your clients. To see who is using autoresponder, run this command at the prompt:

grep autorespond /etc/valiases/*

Although this is not related to your issue, but just in case you need to learn how to disable delayed bounce back messages in exim, go to:
http://www.farhad.ca/2006/07/27/how-to-disable-delayed-bounce-back-messages-in-exim/

It's not just auto-responders.

when a user quota is over limit, all the emails are bounced by exim, rather then rejecting it at the time of delivery... which really sucks! like it or not.. it is a serious problem... i was blacklisted by spamcop twice.. and I dont think cpanel is even bothering about it, as it's big problem.. :rolleyes:
 

maverick23

Well-Known Member
Feb 23, 2005
92
0
156
cPanel Access Level
DataCenter Provider
I am using this server for only my site's and i know there are no autoresponders.... can it be box trapper? as i have it enabled in most of my accounts....?
 
Last edited:

cynux

Well-Known Member
Jul 30, 2005
113
0
166
maverick23 said:
Reply from Spamcop People

This server is sending Challenge/Response mails to the forged from addresses in spams inbound to the server. Effective spam management tools should place the burden either on the spammer, on the sending mailserver, or, at the very least, on the person receiving the benefits of the filtering (the mail recipient). Instead, Challenge/Response puts the burden on, at best, a person not directly benefitting, and, quite likely, a completely innocent party by sending the C/R to the forged "from" address. The sending mailserver which is sending the spam -- voluntarily or involuntarily via a compromised machine -- is not notified of the problem which it should be. The only beneficiary of C/R is the sender, at the cost of inconveniencing everyone else.


Any suggestions?

like it or not that is a problem with the way cpanel's mailing system is setup... when cpanel implemented quota system for email accounts.. they should have have implemented a way to reject emails at the time of delivery instead of bouncing them... so you'r left to find a way to bounce the emails at the time to reject emails at the time of delivery... so you can use a perl script to check if the account is 98-99% full.... and if it is.. reject the email...