The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Flooded with Mail delivery failed messages

Discussion in 'E-mail Discussions' started by NNNils, Aug 20, 2003.

  1. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    Since a couple of days I am flooded with mail delivery failed messages.

    Anyone else having this?

    Maybe it is because rootmail is forwarded to me?

    cPanel.net Support Ticket Number:
     
  2. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
  3. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    This virus seems pretty successfull to me...

    cPanel.net Support Ticket Number:
     
  4. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Well the good thing about cPanel and Exim .. is by default it is blocking those *.pif attachments. What you see in mail que is all the failed attampts back to the "from" address. I have about 700 of these in one box this morning and I cleaned out at 2am before I went to bed last night. I have another box with 375+ in 3 hours.

    What I , and I bet many of us could use is a nice cron script OR a setting in exim where we can just kill these attachment virus warning failed returns so they don't clog up mail que. I know there is a way. I just haven't searched enough.

    cPanel.net Support Ticket Number:
     
  5. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    But strange thing is, I am not talking about the queue, I am talking about my own mailbox...

    I forwarded rootmail to my own mailbox, maybe that's the reason?

    cPanel.net Support Ticket Number:
     
  6. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    That might be.

    cPanel.net Support Ticket Number:
     
  7. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    I find it all very strange...

    cPanel.net Support Ticket Number:
     
  8. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    http://forums.cpanel.net/showthread.php?s=&threadid=13741

    cPanel.net Support Ticket Number:
     
  9. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Crap! Well, I'm glad to hear that I'm not alone. This sh!t started happening two days ago on my box, and it's all to one address. I would disable the address, but unfortunately it's info@mycompany.com. What the hell is wrong with these people? Do they really have nothing better to do?

    cPanel.net Support Ticket Number:
     
  10. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    exactly the same here: info@mycompany flooded with mail

    But I use this e-mail for many things so it's hard to guess where they got it.

    cPanel.net Support Ticket Number:
     
  11. matthewdavis

    matthewdavis Well-Known Member

    Joined:
    Jun 26, 2003
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    NC, USA
    Clean mailqueue of virus's

    This is a quick and dirty script I threw together to clean the mailqueue of all virus. It requires f-prot which you can get freely at www.f-prot.com. The direct download is ftp://ftp.f-prot.com/pub/linux/fp-linux-ws.rpm. This is also assuming you rusing Exim4, I'd reckon v3 would work ok too as long as you modify the spool directory accordingly.

    The following commands will clean your mailqueue.

    1. rpm -Uhv ftp://ftp.f-prot.com/pub/linux/fp-linux-ws.rpm

    2. /usr/local/f-prot/tools/check-updates.pl

    3. Then run this script.


    [-- Start Script --]
    #!/bin/bash
    /usr/local/bin/f-prot -report=/root/report /var/spool/exim/input -silent
    grep Infection report >> toclean
    cut -c 23-38 toclean >> files
    for i in `cat files `; do /usr/sbin/exim -Mrm $i ; done |grep blahblahblah
    rm -fr files toclean report
    [-- End Script --]

    NOTE: The grep blahblahblah is so there is no output generated. Take away that, and you'll be emailed the the output of the messages being deleted.

    I know its real dirty, but its functional. Use at your own risk. And run the script manually to make sure it works.

    I have a cron job setup to run that script every minute.
    * * * * * /root/cleanmqueue
     
    #11 matthewdavis, Aug 24, 2003
    Last edited: Aug 24, 2003
Loading...

Share This Page