Hi,
I've been investigating our WHM / cPanel server, we've got up to 1000 NDRs that are being frozen in the queue
After a little digging, reviewing a bunch of the messages before flushing them from the queue, it looks like the spammers are targeting our cPanel server, which is Backup MX Server for several of our customers, instead of their primary MX records.
I've read through posts about Sender Verification Callouts (which was already disabled on this server) and :fail:
I've adjusted several of these domains to use :fail: but don't think this will actually have any effect, as we're just holding mail to deliver to the primary MX when it's up
So what's happening is our server has thousands of messages in the outbound queue, to the original sender, which are random spammer addresses, because it's received a :fail: from the primary MX
Has anybody experienced this?
Unless I'm missing something, all the usual fixes don't seem to apply.
I've been investigating our WHM / cPanel server, we've got up to 1000 NDRs that are being frozen in the queue
After a little digging, reviewing a bunch of the messages before flushing them from the queue, it looks like the spammers are targeting our cPanel server, which is Backup MX Server for several of our customers, instead of their primary MX records.
I've read through posts about Sender Verification Callouts (which was already disabled on this server) and :fail:
I've adjusted several of these domains to use :fail: but don't think this will actually have any effect, as we're just holding mail to deliver to the primary MX when it's up
So what's happening is our server has thousands of messages in the outbound queue, to the original sender, which are random spammer addresses, because it's received a :fail: from the primary MX
Has anybody experienced this?
Unless I'm missing something, all the usual fixes don't seem to apply.
