The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim settings help

Discussion in 'E-mail Discussions' started by crystalfat, Mar 3, 2015.

  1. crystalfat

    crystalfat Member

    Joined:
    Mar 3, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello all,

    I wonder if you could help me...
    I have a server which has just had a site/domain hacked via php. The scripts were sending multiple emails from the site which soon queued up to over 500,000 and brought the server down before i realized. I have since flushed the Queue, fixed the malicious scripts and tightened up a few things in the WHM.

    Now when i goto the view sent summary in the email section I am still rejecting thousands of emails to domain email accounts that simply don't exist. The server is rejecting them so that seems to be ok? but i wonder if i can put any further measures in place. All help is greatly appreciated.

    I have copied some event details below. Most of them are from the same sender to the same recipient (who doesn't exist)

    Please advise. Many thanks
    (please note i added the ****** in places)

    Event: rejected rejected
    Sender User: -remote-
    Sender Domain:
    Sender: bounce@
    Sent Time: Mar 3, 2015 5:30:17 PM
    Sender Host: .com
    Sender IP: 2.2.2.2
    Authentication: unauthorized
    Spam Score: 0
    Recipient: dave@**********.com
    Delivered To:
    deliveryuser: *****
    deliverydomain: ******
    Router: reject
    Transport: **rejected**
    Out Time: Mar 3, 2015 5:30:17 PM
    ID: 1YSqeM-000Cc6-vM
    Delivery Host: .com
    Delivery IP: 1.1.1.1
    Size: 0 bytes
    Result: remote host address is the local host
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The messages to non-existent email accounts are already rejected, so there's not much more you can do for that specific behavior other than blocking specific IP addresses that are sending the email in your firewall.

    Thank you.
     
  3. crystalfat

    crystalfat Member

    Joined:
    Mar 3, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for the reply.
    I have found the ones with recurring ip's and blocked those.

    I appreciate your help.
     
Loading...

Share This Page