The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EXIM Spam Issues

Discussion in 'General Discussion' started by andyogsc, May 27, 2006.

  1. andyogsc

    andyogsc Member

    Joined:
    Mar 6, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    Hello All, maybe someone can help me.

    I recently updated the server to the lastest stuff, everything works great but for some odd reason my EXIM is sending out spam emails to people but also sending it locally. So this means it is Using up ALL my cpu and slowing down the system. Once server is rebooted, the slow server has gone but after like 50 minutes it slows down again.

    this is from my exim_mainlog

    2006-05-26 18:16:22 1FjgrG-0004gb-5i <= nobody@alpha.hostingalerts.net U=nobody P=local S=2551
    2006-05-26 18:16:22 1FjgrF-0004gG-86 == alremi@uol.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:22 1FjgrF-0004gO-Mn <= <> R=1FjgrC-0004ec-02 U=mailnull P=local S=3658
    2006-05-26 18:16:23 1FjgrF-0004gK-EI == alrib@terra.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:23 1FjgrE-0004gD-Vr => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrE-0004gA-SM => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrG-0004gb-5i == alremi@zipmail.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:23 1FjgrE-0004fv-Qq => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrE-0004fv-Qq Completed
    2006-05-26 18:16:23 1FjgrF-0004gL-ET => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrF-0004gL-ET Completed
    2006-05-26 18:16:23 1FjgrE-0004gA-SM Completed
    2006-05-26 18:16:23 1FjgrF-0004gI-Eh => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrF-0004gI-Eh Completed
    2006-05-26 18:16:23 1FjgrE-0004gD-Vr Completed
    2006-05-26 18:16:23 1FjgrG-0004gf-LI <= nobody@alpha.hostingalerts.net U=nobody P=local S=1763
    2006-05-26 18:16:23 1FjgrC-0004ec-02 Completed
    2006-05-26 18:16:23 1FjgrE-0004gC-TN ** alrib@matrix.com.br R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<alrib@matrix.com.br>: host mx.matrix.com.br [200.196.28.6]: 550 <alrib@matrix.com.br>: Recipient address rejected: Access denied
    2006-05-26 18:16:23 1FjgrG-0004gr-RW <= nobody@alpha.hostingalerts.net U=nobody P=local S=2545
    2006-05-26 18:16:24 1FjgrF-0004gO-Mn => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:24 1FjgrF-0004gO-Mn Completed
    2006-05-26 18:16:24 1FjgrG-0004gf-LI == alrib@uol.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:24 1FjgrH-0004h7-UA <= <> R=1FjgrE-0004gC-TN U=mailnull P=local S=2808
    2006-05-26 18:16:24 1FjgrH-0004h8-Uc <= nobody@alpha.hostingalerts.net U=nobody P=local S=1775
    2006-05-26 18:16:24 1FjgrI-0004hA-0e <= nobody@alpha.hostingalerts.net U=nobody P=local S=2542

    Here are some processes currently running on my server while slowing it down.

    3455 nobody 0 1.1 1.4 spamd child
    22156 root 0 1.1 0.4 /usr/sbin/exim -Mc 1Fk5OV-0005lH-Df
    22161 root 0 1.1 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lN-4m
    22145 root 0 0.8 0.4 /usr/sbin/exim -Mc 1Fk5OT-0005l9-KH
    22164 mailnull 0 0.8 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lS-Hx
    21522 root 0 0.0 0.3 /usr/sbin/exim -Mc 1Fk5KV-0005b3-Av
    21533 mailnull 0 0.0 0.3 /usr/sbin/exim -Mc 1Fk5KV-0005b3-Av
    22146 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OT-0005l9-KH
    22160 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OV-0005lH-Df
    22163 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lN-4m
    22165 mailnull 0 0.0 0.2 /usr/sbin/sendmail -t -i
    22166 mailnull 0 0.0 0.2 /usr/sbin/exim -t -oem -oi -f <> -E1Fk5OW-0005lS-Hx

    Those are just some of what is running on the server. I feel it is something to do with eximstats as that was failling when the server booted up and was like this for 50 minutes and once it went green and was working, BOOM the server starting slowing down.

    I have searched up and down the internet and can not find a answer, i have also tried others issues and tried there fixs but still it continues to happen.

    I really need a soluation.... Please help i will be greatly appreicated.

    Andrew Bailey
     
    #1 andyogsc, May 27, 2006
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    How many messages are there in the queue? If you believe that there is a spammer, you need to locate the script or scripts used to deliver spam and either suspend or delete. Overall, secure and optimize your server. High server load issue has been discussed many times in these forums.
     
    #2 AndyReed, May 27, 2006
  3. andyogsc

    andyogsc Member

    Joined:
    Mar 6, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    thats the problem i can't seem to find out who is doing it or what is doing it. How can you find out what script is doing it.
     
    #3 andyogsc, May 27, 2006
  4. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,601
    Likes Received:
    51
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    put log_selector = +all
    in the top box of your Exim Configuration Editor

    and tail your exim_mainlog it will tell your from which script the mail is being sent
     
    #4 dalem, May 27, 2006
  5. andyogsc

    andyogsc Member

    Joined:
    Mar 6, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    how do you tail may i ask sorry.
     
    #5 andyogsc, May 27, 2006
  6. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,601
    Likes Received:
    51
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    open a ssh seesion
    tail -f /var/log/exim_mainlog

    or let it run for a while and grep on of the messages that end up in your Exim Mail Queue

    grep message id /var/log/exim_mainlog
     
    #6 dalem, May 27, 2006
  7. tweakservers

    tweakservers Well-Known Member

    Joined:
    Mar 30, 2006
    Messages:
    379
    Likes Received:
    0
    Trophy Points:
    166
    the mails appear to be sent out by some php scripts as it is owned by nobody. You may really want to look into that.
     
    #7 tweakservers, May 27, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - EXIM Spam Issues
  1. foggle

    Exim email going to spam

    foggle, Dec 14, 2016, in forum: E-mail Discussions
    Replies:
    6
    Views:
    524
    cPanelMichael
    Dec 20, 2016
  2. postcd

    Custom RBL SpamCanibal in WHM Exim?

    postcd, Mar 22, 2016, in forum: E-mail Discussions
    Replies:
    2
    Views:
    694
    cPanelMichael
    Mar 22, 2016
  3. Dent

    How to filter outgoing spam emails using cpanel_exim_system_filter

    Dent, Dec 16, 2015, in forum: E-mail Discussions
    Replies:
    6
    Views:
    1,210
    cPanelMichael
    Jun 7, 2016
  4. cbcast

    11.52 exim/spamd/nscd

    cbcast, Nov 15, 2015, in forum: E-mail Discussions
    Replies:
    2
    Views:
    587
    cPanelMichael
    Nov 18, 2015
  5. Al Gilson

    SpamExperts relay through Exim

    Al Gilson, Oct 15, 2015, in forum: E-mail Discussions
    Replies:
    2
    Views:
    813
    cPanelMichael
    Oct 22, 2015

Share This Page