Generating NDRs from Secondary MX

resruss

Registered
Oct 17, 2012
2
0
1
cPanel Access Level
Root Administrator
Hi,

I've been investigating our WHM / cPanel server, we've got up to 1000 NDRs that are being frozen in the queue

After a little digging, reviewing a bunch of the messages before flushing them from the queue, it looks like the spammers are targeting our cPanel server, which is Backup MX Server for several of our customers, instead of their primary MX records.

I've read through posts about Sender Verification Callouts (which was already disabled on this server) and :fail:

I've adjusted several of these domains to use :fail: but don't think this will actually have any effect, as we're just holding mail to deliver to the primary MX when it's up

So what's happening is our server has thousands of messages in the outbound queue, to the original sender, which are random spammer addresses, because it's received a :fail: from the primary MX

Has anybody experienced this?
Unless I'm missing something, all the usual fixes don't seem to apply.
 

resruss

Registered
Oct 17, 2012
2
0
1
cPanel Access Level
Root Administrator
Hi,

I've been investigating our WHM / cPanel server, we've got up to 1000 NDRs that are being frozen in the queue

After a little digging, reviewing a bunch of the messages before flushing them from the queue, it looks like the spammers are targeting our cPanel server, which is Backup MX Server for several of our customers, instead of their primary MX records.

I've read through posts about Sender Verification Callouts (which was already disabled on this server) and :fail:

I've adjusted several of these domains to use :fail: but don't think this will actually have any effect, as we're just holding mail to deliver to the primary MX when it's up

So what's happening is our server has thousands of messages in the outbound queue, to the original sender, which are random spammer addresses, because it's received a :fail: from the primary MX

Has anybody experienced this?
Unless I'm missing something, all the usual fixes don't seem to apply.
Still having this problem, anyone come across this before?