Help Interpreting Exim Queue

Discussion in 'E-mail Discussions' started by C4talyst, Aug 14, 2015.

  1. C4talyst

    C4talyst Well-Known Member

    Joined:
    Jun 21, 2008
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    I have a cPanel server with around 300 sites on it. Recently, spammers were able to upload PHP files to an unpatched WordPress site and send emails. I caught it when we landed on a blacklist. I've patched/cleaned the site in question, and while working on this I noticed the following output from the command 'exim -bp | exiqsumm':

    -- begin snip --

    Count Volume Oldest Newest Domain
    ----- ------ ------ ------ ------
    - Spam Domains List Removed -

    -- end snip --

    I don't understand what this output represents. None of these domains are hosted on my server. Are these spam/bounces that are incoming to my users, or does this indicate another possible vulnerability issue where our server is sending outbound spam? A huge thank you to anyone who can help.
     
    #1 C4talyst, Aug 14, 2015
    Last edited by a moderator: Aug 17, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    669
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The command you are running is providing you a summary of the existing messages in your mail queue. You can open your mail queue from Web Host Manager and review the individual messages if you want to get a better idea of the type of messages and where they come from.

    Thank you.
     
  3. C4talyst

    Thank you for pointing me there. I can see that I have many emails queued up to go out from [System] to unusual addresses...would this likely indicate that I still have some "issues" to resolve?
     
  4. C4talyst

    Actually, I'm wondering now if this represents a bounce being sent out to someone that was sending spam to our users...after looking at the message headers.
     
  5. cPanelMichael

    Yes, it's likely a bounce sent to a non-existent user. You should be able to remove these messages from the queue to avoid the automatic retry attempts.

    Thank you.
     
  6. C4talyst

    Starting to make sense, thank you so much for the quick replies, Michael.
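
Added example, not part of the original thread: one way to check the conclusion reached above, relying on the fact that `exim -bp` lists bounce messages with the null envelope sender `<>`. The function names and the sample queue (constructed, all addresses made up) are assumptions; on a live server, pipe `exim -bp` into the functions instead of `sample_queue`.

```shell
#!/bin/sh
# Added example (not from the thread). Input: `exim -bp` output on stdin.

# Constructed sample queue listing; all addresses are made up.
sample_queue() {
cat <<'EOF'
25m  2.9K 1ZQabc-0001Xy-AB <>
          info@spamdomain-a.example

 3h  1.2K 1ZQabd-0002Zz-CD <> *** frozen ***
          sales@spamdomain-b.example

 4h  1.3K 1ZQabg-0005Cc-IJ <>
          promo@spamdomain-a.example

 2h  4.0K 1ZQabe-0003Aa-EF <user@hosted-site.example>
        D friend@mailbox.example
          other@mailbox.example
EOF
}

# Count queued messages per envelope sender; "<>" (null sender) is a bounce.
queue_senders() {
    awk '
        $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ && $4 ~ /^<.*>$/ {
            s = ($4 == "<>") ? "BOUNCE" : substr($4, 2, length($4) - 2)
            n[s]++
            if (index($0, "*** frozen ***")) f[s]++
        }
        END { for (s in n) printf "%d %s frozen=%d\n", n[s], s, f[s] + 0 }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Count undelivered recipient domains of bounces only (what the bounces target).
bounce_rcpt_domains() {
    awk '
        $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ && $4 ~ /^<.*>$/ {
            bounce = ($4 == "<>"); next
        }
        NF == 0 { bounce = 0; next }
        bounce && $1 != "D" { sub(/^.*@/, "", $NF); d[tolower($NF)]++ }
        END { for (x in d) printf "%d %s\n", d[x], x }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_queue | queue_senders
sample_queue | bounce_rcpt_domains
```

A queue dominated by the `BOUNCE` row matches the bounce explanation given in the thread, while a large count under a hosted account's address would instead point at mail originating from that account.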
     