Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

EXIM Spam Issues

Discussion in 'General Discussion' started by andyogsc, May 27, 2006.

  1. andyogsc

    andyogsc Member

    Joined:
    Mar 6, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    Hello All, maybe someone can help me.

    I recently updated the server to the lastest stuff, everything works great but for some odd reason my EXIM is sending out spam emails to people but also sending it locally. So this means it is Using up ALL my cpu and slowing down the system. Once server is rebooted, the slow server has gone but after like 50 minutes it slows down again.

    this is from my exim_mainlog

    2006-05-26 18:16:22 1FjgrG-0004gb-5i <= nobody@alpha.hostingalerts.net U=nobody P=local S=2551
    2006-05-26 18:16:22 1FjgrF-0004gG-86 == alremi@uol.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:22 1FjgrF-0004gO-Mn <= <> R=1FjgrC-0004ec-02 U=mailnull P=local S=3658
    2006-05-26 18:16:23 1FjgrF-0004gK-EI == alrib@terra.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:23 1FjgrE-0004gD-Vr => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrE-0004gA-SM => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrG-0004gb-5i == alremi@zipmail.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:23 1FjgrE-0004fv-Qq => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrE-0004fv-Qq Completed
    2006-05-26 18:16:23 1FjgrF-0004gL-ET => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrF-0004gL-ET Completed
    2006-05-26 18:16:23 1FjgrE-0004gA-SM Completed
    2006-05-26 18:16:23 1FjgrF-0004gI-Eh => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:23 1FjgrF-0004gI-Eh Completed
    2006-05-26 18:16:23 1FjgrE-0004gD-Vr Completed
    2006-05-26 18:16:23 1FjgrG-0004gf-LI <= nobody@alpha.hostingalerts.net U=nobody P=local S=1763
    2006-05-26 18:16:23 1FjgrC-0004ec-02 Completed
    2006-05-26 18:16:23 1FjgrE-0004gC-TN ** alrib@matrix.com.br R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<alrib@matrix.com.br>: host mx.matrix.com.br [200.196.28.6]: 550 <alrib@matrix.com.br>: Recipient address rejected: Access denied
    2006-05-26 18:16:23 1FjgrG-0004gr-RW <= nobody@alpha.hostingalerts.net U=nobody P=local S=2545
    2006-05-26 18:16:24 1FjgrF-0004gO-Mn => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
    2006-05-26 18:16:24 1FjgrF-0004gO-Mn Completed
    2006-05-26 18:16:24 1FjgrG-0004gf-LI == alrib@uol.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
    2006-05-26 18:16:24 1FjgrH-0004h7-UA <= <> R=1FjgrE-0004gC-TN U=mailnull P=local S=2808
    2006-05-26 18:16:24 1FjgrH-0004h8-Uc <= nobody@alpha.hostingalerts.net U=nobody P=local S=1775
    2006-05-26 18:16:24 1FjgrI-0004hA-0e <= nobody@alpha.hostingalerts.net U=nobody P=local S=2542

    Here are some processes currently running on my server while slowing it down.

    3455 nobody 0 1.1 1.4 spamd child
    22156 root 0 1.1 0.4 /usr/sbin/exim -Mc 1Fk5OV-0005lH-Df
    22161 root 0 1.1 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lN-4m
    22145 root 0 0.8 0.4 /usr/sbin/exim -Mc 1Fk5OT-0005l9-KH
    22164 mailnull 0 0.8 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lS-Hx
    21522 root 0 0.0 0.3 /usr/sbin/exim -Mc 1Fk5KV-0005b3-Av
    21533 mailnull 0 0.0 0.3 /usr/sbin/exim -Mc 1Fk5KV-0005b3-Av
    22146 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OT-0005l9-KH
    22160 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OV-0005lH-Df
    22163 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lN-4m
    22165 mailnull 0 0.0 0.2 /usr/sbin/sendmail -t -i
    22166 mailnull 0 0.0 0.2 /usr/sbin/exim -t -oem -oi -f <> -E1Fk5OW-0005lS-Hx

    Those are just some of what is running on the server. I feel it is something to do with eximstats as that was failling when the server booted up and was like this for 50 minutes and once it went green and was working, BOOM the server starting slowing down.

    I have searched up and down the internet and can not find a answer, i have also tried others issues and tried there fixs but still it continues to happen.

    I really need a soluation.... Please help i will be greatly appreicated.

    Andrew Bailey
     
    #1 andyogsc, May 27, 2006
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    How many messages are there in the queue? If you believe that there is a spammer, you need to locate the script or scripts used to deliver spam and either suspend or delete. Overall, secure and optimize your server. High server load issue has been discussed many times in these forums.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 AndyReed, May 27, 2006
  3. andyogsc

    andyogsc Member

    Joined:
    Mar 6, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    thats the problem i can't seem to find out who is doing it or what is doing it. How can you find out what script is doing it.
     
    #3 andyogsc, May 27, 2006
  4. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,774
    Likes Received:
    93
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    put log_selector = +all
    in the top box of your Exim Configuration Editor

    and tail your exim_mainlog it will tell your from which script the mail is being sent
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 dalem, May 27, 2006
  5. andyogsc

    andyogsc Member

    Joined:
    Mar 6, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    how do you tail may i ask sorry.
     
    #5 andyogsc, May 27, 2006
  6. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,774
    Likes Received:
    93
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    open a ssh seesion
    tail -f /var/log/exim_mainlog

    or let it run for a while and grep on of the messages that end up in your Exim Mail Queue

    grep message id /var/log/exim_mainlog
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 dalem, May 27, 2006
  7. tweakservers

    tweakservers Well-Known Member

    Joined:
    Mar 30, 2006
    Messages:
    379
    Likes Received:
    0
    Trophy Points:
    166
    the mails appear to be sent out by some php scripts as it is owned by nobody. You may really want to look into that.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 tweakservers, May 27, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - EXIM Spam Issues
  1. Kamil Brand Nova

    In Progress [CPANEL-22678] eximstats_spam_check errors

    Kamil Brand Nova, Nov 28, 2018, in forum: Security
    Replies:
    1
    Views:
    235
    cPanelMichael
    Nov 28, 2018
  2. asmithjr

    Use antivirus.exim to delete SPAM emails

    asmithjr, Sep 27, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    173
    cPanelLauren
    Oct 2, 2018
  3. goodmove

    Question about eximstats_spam_check

    goodmove, Aug 27, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    144
    cPanelLauren
    Aug 27, 2018
  4. ruiz

    Change eximstats_spam_check in crontab

    ruiz, Jul 29, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    144
    cPanelMichael
    Aug 2, 2018
  5. smartrange

    warn [eximstats_spam_check]

    smartrange, May 24, 2018, in forum: E-mail Discussion
    Replies:
    6
    Views:
    318
    cPanelLauren
    Jun 5, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice