The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim: Too many processes

Discussion in 'General Discussion' started by phpcoder1, Dec 20, 2005.

  1. phpcoder1

    phpcoder1 Member

    Joined:
    Sep 26, 2004
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I got a call from my datacenter and they told me that my VPS was unplugged for a few hours due to too many processes. When I told them to plug it back in, one hour later, I saw my server load shoot to 50.00. I did ps -ax:

    It is a VPS, so I don't think APF and BFD won't work here. Can anybody help?
     
  2. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    It seems that some user is spamming from your server...! for quick action clear the exim mail queue.
     
  3. phpcoder1

    phpcoder1 Member

    Joined:
    Sep 26, 2004
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Can you tell me how?
     
  4. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    'rm -rf /var/spool/exim/input' will do it

    But you should investigate more and find the source script or domain and take actions so as to
    really help you out of this issue.
     
    #4 aby, Dec 21, 2005
    Last edited: Dec 21, 2005
  5. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Pass the below mentioned command at your command prompt to find the domain which is being used by spammers.

    # exim -bpr | exiqsumm -c | head

    Then,

    #exiqgrep -ir <domain> | xargs -n1 exim -Mrm

    That should remove any e-mail that is in the queue that is waiting to be delivered to POP accounts at <domain>.
     
  6. phpcoder1

    phpcoder1 Member

    Joined:
    Sep 26, 2004
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    How would I find out?
     
  7. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    I didn't get you ? But one thing .. removing the mailque as i specified is not generally advisable otherwise in case of the extreme.. you need to act really fast... since it may cause many genuine mails to be lost. But I repeat what i have suggested you in the previous post..
    you shouls investigate more and find the root cause or get somebody who can help you

    This thread should give you some idea abt the mail queue.

    http://forums.cpanel.net/showthread.php?t=30820&
    http://forums.cpanel.net/showthread.php?t=41071
     
    #7 aby, Dec 22, 2005
    Last edited: Dec 22, 2005
  8. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    First emergency thing to do is to limit the amount of mail that can be sent per hour. Then start looking at everything else.
     
  9. IPSecureNetwork

    IPSecureNetwork Well-Known Member

    Joined:
    May 28, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    i`ve the same problem exactly the same and i found some script php making spamm relaying from my server..
    just restrict the permission of the nobodys user and inhabilitate to send mails even whit users whit suexec permissions..


    in WHM / Tweak Security

    check this box

    Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)
     
  10. dev_cw

    dev_cw Well-Known Member

    Joined:
    Jun 30, 2004
    Messages:
    59
    Likes Received:
    1
    Trophy Points:
    8
    Just so I am clear - this option will prevent 'nobody' from sendin to remote addresses but 'nobody' will still be able to send to local addresses. Am I correct?

    If so this sounds like a good thing to have activated.
     
Loading...

Share This Page