Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim settings help

Discussion in 'E-mail Discussion' started by crystalfat, Mar 3, 2015.

  1. crystalfat

    crystalfat Member

    Joined:
    Mar 3, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello all,

    I wonder if you could help me...
    I have a server which has just had a site/domain hacked via php. The scripts were sending multiple emails from the site which soon queued up to over 500,000 and brought the server down before i realized. I have since flushed the Queue, fixed the malicious scripts and tightened up a few things in the WHM.

    Now when i goto the view sent summary in the email section I am still rejecting thousands of emails to domain email accounts that simply don't exist. The server is rejecting them so that seems to be ok? but i wonder if i can put any further measures in place. All help is greatly appreciated.

    I have copied some event details below. Most of them are from the same sender to the same recipient (who doesn't exist)

    Please advise. Many thanks
    (please note i added the ****** in places)

    Event: rejected rejected
    Sender User: -remote-
    Sender Domain:
    Sender: bounce@
    Sent Time: Mar 3, 2015 5:30:17 PM
    Sender Host: .com
    Sender IP: 2.2.2.2
    Authentication: unauthorized
    Spam Score: 0
    Recipient: dave@**********.com
    Delivered To:
    deliveryuser: *****
    deliverydomain: ******
    Router: reject
    Transport: **rejected**
    Out Time: Mar 3, 2015 5:30:17 PM
    ID: 1YSqeM-000Cc6-vM
    Delivery Host: .com
    Delivery IP: 1.1.1.1
    Size: 0 bytes
    Result: remote host address is the local host
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    The messages to non-existent email accounts are already rejected, so there's not much more you can do for that specific behavior other than blocking specific IP addresses that are sending the email in your firewall.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. crystalfat

    crystalfat Member

    Joined:
    Mar 3, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for the reply.
    I have found the ones with recurring ip's and blocked those.

    I appreciate your help.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice