I am having issues with what I call a mailbomb. My server will just suddently start getting hundreds of messages a minute to the point that all the system can do is try to process the mail influx. I have the domain set to fail messages bound for an address that does not exist. What I end up with is hundreds of processes running at once and the majority are exim processes and mailnull processes. Below are two examples in the mail que. I have not been able to establish how to stop this from happening. It will come in every few weeks for 15-20 min and then stop.
It looks to me like these are messages that is being sent out with a fake address at one of the domains on my server as the from but the messages I do not belive are acutally origionating on my system. They seem to always have the same from address but I suspect if I put a rule in exim to do some kind of processing of that from address it will change. At the same time the influx is so fast and so much that the system cant process the messages quick enough with out causing the system to overload.
It looks to me like these are messages that is being sent out with a fake address at one of the domains on my server as the from but the messages I do not belive are acutally origionating on my system. They seem to always have the same from address but I suspect if I put a rule in exim to do some kind of processing of that from address it will change. At the same time the influx is so fast and so much that the system cant process the messages quick enough with out causing the system to overload.
1GzDWo-0006Nn-2P-H
mailnull 47 12
<>
1167144222 0
-helo_name SPAMKILLER.wclark.k12.in.us
-host_address 165.138.138.220.8502
-interface_address 72.51.43.148.25
-received_protocol esmtp
-body_linecount 390
XX
1
oelschbjla@
213P Received: from [165.138.138.220] (helo=SPAMKILLER.wclark.k12.in.us)
by server2..com with esmtp (Exim 4.63)
id 1GzDWo-0006Nn-2P
for oelschbjla@; Tue, 26 Dec 2006 09:43:43 -0500
105P Received: by SPAMKILLER.wclark.k12.in.us (Postfix)
id E94B8BF86C; Tue, 26 Dec 2006 09:50:38 -0500 (EST)
044 Date: Tue, 26 Dec 2006 09:50:38 -0500 (EST)
071F From: [email protected] (Mail Delivery System)
045 Subject: Undelivered Mail Returned to Sender
035T To: oelschbjla@
018 MIME-Version: 1.0
123 Content-Type: multipart/report; report-type=delivery-status;
boundary="F1948BF87E.1167144638/SPAMKILLER.wclark.k12.in.us"
068I Message-Id: <[email protected]>
1GzDWo-0006Nn-2P-D
This is a MIME-encapsulated message.
--F1948BF87E.1167144638/SPAMKILLER.wclark.k12.in.us
Content-Description: Notification
Content-Type: text/plain
This is the Postfix program at host SPAMKILLER.wclark.k12.in.us.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
<[email protected]>: host 10.1.1.10[10.1.1.10] said: 550 No such
recipient (in reply to RCPT TO command)
--F1948BF87E.1167144638/SPAMKILLER.wclark.k12.in.us
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; SPAMKILLER.wclark.k12.in.us
X-Postfix-Queue-ID: F1948BF87E
X-Postfix-Sender: rfc822; oelschbjla@
Arrival-Date: Tue, 26 Dec 2006 09:50:31 -0500 (EST)
Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host 10.1.1.10[10.1.1.10] said: 550 No such
recipient (in reply to RCPT TO command)
--F1948BF87E.1167144638/SPAMKILLER.wclark.k12.in.us
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: from localhost (localhost [127.0.0.1])
by SPAMKILLER.wclark.k12.in.us (Postfix) with ESMTP id F1948BF87E
for <bru[email protected]>; Tue, 26 Dec 2006 09:50:31 -0500 (EST)
Received: from SPAMKILLER.wclark.k12.in.us ([127.0.0.1])
by localhost (host.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 24728-07 for <[email protected]>;
Tue, 26 Dec 2006 09:50:16 -0500 (EST)
Received: from p5B04598A.dip.t-dialin.net (p5B04598A.dip.t-dialin.net [91.4.89.138])
by SPAMKILLER.wclark.k12.in.us (Postfix) with ESMTP id 7C191BF847
for <bru[email protected]>; Tue, 26 Dec 2006 09:50:13 -0500 (EST)
Message-ID: <[email protected]>
From: "Lynelle Hayes" <oelschbjla@>
To: "Stephenie" <[email protected]>
Subject: Re: Sure think it is time
Date: Tue, 26 Dec 2006 15:43:05 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0007_01C728FC.27024BC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Spam-Status: No, hits=1.983 tagged_above=-999 required=4 tests=BAYES_50,
HELO_DYNAMIC_DIALIN, HTML_20_30, HTML_MESSAGE
X-Spam-Level: *
This is a multi-part message in MIME format.
------=_NextPart_000_0007_01C728FC.27024BC0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0008_01C728FC.27024BC0"
------=_NextPart_001_0008_01C728FC.27024BC0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
----- Original Message -----
From: =
[email protected]
To: oelschbjla@
Sent: Friday, November 17, 2006 8:68 PM
Subject: Sure think it is time
------=_NextPart_001_0008_01C728FC.27024BC0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.3790.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV> </DIV>
<p><IMG alt=3D"" hspace=3D0 src=3D"cid:GnYuSUtKVxHpPonb0mIQ" =
align=3Dbaseline border=3D0></p>
<BLOCKQUOTE dir=3Dltr
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>
<A title=3D=
[email protected]
href=3D"mailto:=
[email protected]=
">=
[email protected]=
</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
title=3Doelschbjla@
=
href=3D"mailtoelschbjla@">=
oelschbjla@</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, November 17, 2006 =
8:68 PM</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Sure think it is =
time</DIV>
<DIV><BR></DIV>
</FONT></DIV></BLOCKQUOTE></BODY></HTML>
------=_NextPart_001_0008_01C728FC.27024BC0--
------=_NextPart_000_0007_01C728FC.27024BC0
Content-Type: image/gif;
name="73Gr41OhZi.gif"
Content-Transfer-Encoding: base64
Content-ID: <GnYuSUtKVxHpPonb0mIQ>
...
------=_NextPart_000_0007_01C728FC.27024BC0--
--F1948BF87E.1167144638/SPAMKILLER.wclark.k12.in.us--
