Help Interpreting Exim Queue

Discussion in 'E-mail Discussion' started by C4talyst, Aug 14, 2015.

  1. C4talyst

    C4talyst Well-Known Member

    I have a cPanel server with around 300 sites on it. Recently, spammers were able to upload PHP files to an unpatched WordPress site and send emails. I caught it when we landed on a blacklist. I've patched/cleaned the site in question, and while working on this I noticed the following output from the command 'exim -bp | exiqsumm':

    -- begin snip --

    Count Volume Oldest Newest Domain
    ----- ------ ------ ------ ------
    - Spam Domains List Removed -

    -- end snip --

    I don't understand what this output represents. None of these domains are hosted on my server. Are these spam/bounces that are incoming to my users, or does this indicate another possible vulnerability issue where our server is sending outbound spam? A huge thank you to anyone who can help.
     
    #1 C4talyst, Aug 14, 2015
    Last edited by a moderator: Aug 17, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello :)

    The command you are running is providing you with a summary of the existing messages in your mail queue. You can open your mail queue from Web Host Manager and review the individual messages if you want to get a better idea of the type of messages and where they come from.

    Thank you.
     
  3. C4talyst

    C4talyst Well-Known Member

    Thank you for pointing me there. I can see that I have many emails queued up to go out from [System] to unusual addresses...would this likely indicate that I still have some "issues" to resolve?
     
  4. C4talyst

    C4talyst Well-Known Member

    Actually, I'm wondering now if this represents a bounce being sent out to someone that was sending spam to our users...after looking at the message headers.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Yes, it's likely a bounce sent to a non-existent user. You should be able to remove these messages from the queue to avoid the automatic retry attempts.

    Thank you.
     
  6. C4talyst

    C4talyst Well-Known Member

    Starting to make sense, thank you so much for the quick replies, Michael.
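
Added example, not part of the thread and not cPanel's own code: the question above comes down to whether the queued messages are bounces (null envelope sender `<>`) or mail submitted by a local sender, and `exim -bp` shows the sender that `exiqsumm` leaves out. The function names and the sample queue below are constructed for illustration.

```shell
#!/bin/sh
# Added example: group `exim -bp` queue entries by envelope sender.
# On a live server: exim -bp | summarize_queue
# Output columns (tab-separated): sender, messages, frozen, undelivered recipients.
# A sender of "<>" is the null envelope sender, which is used for bounces.

summarize_queue() {
    awk '
        # Entry header: age  size  message-id  <sender>  [*** frozen ***]
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/ {
            sender = $4
            if (sender != "<>") sender = substr($4, 2, length($4) - 2)
            msgs[sender]++
            if (index($0, "*** frozen ***")) frozen[sender]++
            in_entry = 1
            next
        }
        # A blank line ends the recipient list of the current entry.
        NF == 0 { in_entry = 0; next }
        # Recipient line; "D" (or "+D" with -bpa) marks one already delivered.
        in_entry && $1 != "D" && $1 != "+D" { pending[sender]++ }
        END {
            for (s in msgs)
                printf "%s\t%d\t%d\t%d\n", s, msgs[s], frozen[s], pending[s]
        }
    ' | LC_ALL=C sort
}

# Constructed sample in the `exim -bp` layout (not real queue data).
sample_queue() {
    cat <<'EOF'
25m  2.9K 1ZQabc-0001Ab-2C <>
          nobody@unknown-a.example

 3h  3.1K 1ZQdef-0002Cd-3D <> *** frozen ***
          fake@unknown-b.example

10m  1.2K 1ZQghi-0003Ef-4G <wpuser@host.example>
        D first@dest.example
          second@dest.example
EOF
}

sample_queue | summarize_queue
```

Rows with `<>` are bounces waiting on recipients the server cannot reach; rows with a hosted account or script user as sender are the ones to trace back to a site.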
     