The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

exim + spam problem

Discussion in 'General Discussion' started by pphillips, Nov 17, 2004.

  1. pphillips

    pphillips Well-Known Member

    Joined:
    Nov 14, 2003
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    I've searched these forums and found a lot of info about high load due to exim but nothing hit the button on the head. Here is my issue:

    2.4Ghz P4 server 1GB ram, only about 60 websites on it, none all that popular, except for 1 domain. One domain gets tens or hundreds of thousands of emails a day sent to random addresses (at his domain) and we have them set to :blackhole:, but maybe 500 a day go to real addresses and get caught by spam assassin. I'm pretty certain this is causing the high load. Exim crashes several times a day and auto-restarts and there are often dozens and dozens of exim processes running. I'm almost cetain this is causing the problem, but I dont know of a fix other than changing the MX record for that domain away. Anyway to completely ignore any bad email on this domain and prevent all this load? The load will often jump to 20+ and I dont feel comfortable with it being over 1.

    Thanks!!!
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  3. pphillips

    pphillips Well-Known Member

    Joined:
    Nov 14, 2003
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    I tried a dictionary attack setup similar to this but it caused exim to fail. I'm not sure how much that would help, because the email is coming from different sources. It's as if all of these addresses made it to a spam cd and all the spammers are sending mail to it.
     
  4. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    You should consider to implement RBL, and HELO ACL at Exim.
     
  5. pphillips

    pphillips Well-Known Member

    Joined:
    Nov 14, 2003
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    How do I do that? Do you know of any tutorials online?
     
  6. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    Follow my signature you will find it.
     
  7. WebVandals

    WebVandals Member

    Joined:
    Sep 8, 2003
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    For anyone experiencing this, you can *dramatically* reduce your server load in cases like the one described above by changing your "spam magnet" domain's default address to :fail: and NOT :blackhole:.

    Details here:
    http://www.configserver.com/free/fail.html
     
Loading...

Share This Page