EXIM Spam Issues

Hello All, maybe someone can help me.

I recently updated the server to the lastest stuff, everything works great but for some odd reason my EXIM is sending out spam emails to people but also sending it locally. So this means it is Using up ALL my cpu and slowing down the system. Once server is rebooted, the slow server has gone but after like 50 minutes it slows down again.

this is from my exim_mainlog

2006-05-26 18:16:22 1FjgrG-0004gb-5i <= nobody@alpha.hostingalerts.net U=nobody P=local S=2551
2006-05-26 18:16:22 1FjgrF-0004gG-86 == alremi@uol.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-05-26 18:16:22 1FjgrF-0004gO-Mn <= <> R=1FjgrC-0004ec-02 U=mailnull P=local S=3658
2006-05-26 18:16:23 1FjgrF-0004gK-EI == alrib@terra.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-05-26 18:16:23 1FjgrE-0004gD-Vr => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
2006-05-26 18:16:23 1FjgrE-0004gA-SM => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
2006-05-26 18:16:23 1FjgrG-0004gb-5i == alremi@zipmail.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-05-26 18:16:23 1FjgrE-0004fv-Qq => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
2006-05-26 18:16:23 1FjgrE-0004fv-Qq Completed
2006-05-26 18:16:23 1FjgrF-0004gL-ET => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
2006-05-26 18:16:23 1FjgrF-0004gL-ET Completed
2006-05-26 18:16:23 1FjgrE-0004gA-SM Completed
2006-05-26 18:16:23 1FjgrF-0004gI-Eh => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
2006-05-26 18:16:23 1FjgrF-0004gI-Eh Completed
2006-05-26 18:16:23 1FjgrE-0004gD-Vr Completed
2006-05-26 18:16:23 1FjgrG-0004gf-LI <= nobody@alpha.hostingalerts.net U=nobody P=local S=1763
2006-05-26 18:16:23 1FjgrC-0004ec-02 Completed
2006-05-26 18:16:23 1FjgrE-0004gC-TN ** alrib@matrix.com.br R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<alrib@matrix.com.br>: host mx.matrix.com.br [200.196.28.6]: 550 <alrib@matrix.com.br>: Recipient address rejected: Access denied
2006-05-26 18:16:23 1FjgrG-0004gr-RW <= nobody@alpha.hostingalerts.net U=nobody P=local S=2545
2006-05-26 18:16:24 1FjgrF-0004gO-Mn => dracko@blueyonder.co.uk <nobody@alpha.hostingalerts.net> R=lookuphost T=remote_smtp H=mailin.blueyonder.co.uk [195.188.53.99]
2006-05-26 18:16:24 1FjgrF-0004gO-Mn Completed
2006-05-26 18:16:24 1FjgrG-0004gf-LI == alrib@uol.com.br R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-05-26 18:16:24 1FjgrH-0004h7-UA <= <> R=1FjgrE-0004gC-TN U=mailnull P=local S=2808
2006-05-26 18:16:24 1FjgrH-0004h8-Uc <= nobody@alpha.hostingalerts.net U=nobody P=local S=1775
2006-05-26 18:16:24 1FjgrI-0004hA-0e <= nobody@alpha.hostingalerts.net U=nobody P=local S=2542

Here are some processes currently running on my server while slowing it down.

3455 nobody 0 1.1 1.4 spamd child
22156 root 0 1.1 0.4 /usr/sbin/exim -Mc 1Fk5OV-0005lH-Df
22161 root 0 1.1 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lN-4m
22145 root 0 0.8 0.4 /usr/sbin/exim -Mc 1Fk5OT-0005l9-KH
22164 mailnull 0 0.8 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lS-Hx
21522 root 0 0.0 0.3 /usr/sbin/exim -Mc 1Fk5KV-0005b3-Av
21533 mailnull 0 0.0 0.3 /usr/sbin/exim -Mc 1Fk5KV-0005b3-Av
22146 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OT-0005l9-KH
22160 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OV-0005lH-Df
22163 mailnull 0 0.0 0.4 /usr/sbin/exim -Mc 1Fk5OW-0005lN-4m
22165 mailnull 0 0.0 0.2 /usr/sbin/sendmail -t -i
22166 mailnull 0 0.0 0.2 /usr/sbin/exim -t -oem -oi -f <> -E1Fk5OW-0005lS-Hx

Those are just some of what is running on the server. I feel it is something to do with eximstats as that was failling when the server booted up and was like this for 50 minutes and once it went green and was working, BOOM the server starting slowing down.

I have searched up and down the internet and can not find a answer, i have also tried others issues and tried there fixs but still it continues to happen.

I really need a soluation.... Please help i will be greatly appreicated.

Andrew Bailey

 

thats the problem i can't seem to find out who is doing it or what is doing it. How can you find out what script is doing it.

 

how do you tail may i ask sorry.