Help Understanding Exim Logs

Discussion in 'E-mail Discussions' started by pestatp, Jan 19, 2012.

  1. pestatp

    I was told by my provider the other day that my server is sending out spam. So I turned on the extended logging for exim to see where it was coming from so I could delete the script.

    But from my understanding of what is being output, it's sending out emails to no one.

    I have two entries that show up a lot in the logs and I was hoping someone could help me figure out what they mean.

    #1:
    2012-01-18 19:57:21 1RngJd-0000JD-Jr <= root@server.xxxcom U=root P=local S=1091 T="lfd on server.xxx.com: blocked 220.248.230.68 (CN/China/-)" from <root@server.xxxcom> for root
    2012-01-18 19:57:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJd-0000JD-Jr
    2012-01-18 19:57:21 1RngJd-0000JD-Jr User 0 set for local_delivery transport is on the never_users list
    2012-01-18 19:57:21 1RngJd-0000JD-Jr == root@server.xxxcom R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
    2012-01-18 19:57:21 1RngJd-0000JD-Jr ** root@server.xxxcom: retry timeout exceeded
    2012-01-18 19:57:21 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1RngJd-0000JD-Jr
    2012-01-18 19:57:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJd-0000JF-KS
    2012-01-18 19:57:21 1RngJd-0000JD-Jr Completed


    #2:
    2012-01-18 19:57:06 1RngJO-0000Il-Jh <= <> R=1RngJO-0000Ij-JA U=mailnull P=local S=1958 T="Mail delivery failed: returning message to sender" from <> for root@server.xxxcom
    2012-01-18 19:57:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJO-0000Il-Jh
    2012-01-18 19:57:06 1RngJO-0000Il-Jh User 0 set for local_delivery transport is on the never_users list
    2012-01-18 19:57:06 1RngJO-0000Il-Jh == root@server.xxxcom R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
    2012-01-18 19:57:06 1RngJO-0000Il-Jh ** root@server.xxxcom: retry timeout exceeded
    2012-01-18 19:57:06 1RngJO-0000Il-Jh root@server.xxxcom: error ignored
    2012-01-18 19:57:06 1RngJO-0000Il-Jh Completed


    There are hundreds of both of these in the log from the last day, but I don't see what I think I am supposed to be looking for.

    Also, I never have emails in my queue and from what I have seen, most people whose servers are sending out spam get a bunch in there.

    So any help would be great!
     
    #1 pestatp, Jan 19, 2012
    Last edited: Jan 19, 2012
  2. mtindor

    I don't know about your spam problem, since you have no relevant logs for that.

    But, for your root@server problem, you should be able to do the following:

    1. Log in to WHM
    2. Click on Change System Mail Preferences under Server Contacts
    3. Set a valid email address [preferably not on the server, but it can be] that isn't root or root@server.xxxcom
    4. Click Change after each one

    You might also want to:

    5. Log in to WHM
    6. Click on Basic Cpanel and WHM Setup
    7. Click on Contact Information
    8. Set a valid email address that is not root or root@server.xxxcom
    * this probably should be an email account not on the server - some other email you check offsite
    * * Enter one or more email addresses to contact in case a problem arises with this server.
    9. Save Changes


    See if that works for you. Of course, any messages currently in your mail queue destined for root@server.xxxcom will continue to be undeliverable so you might as well delete them via the Mail Queue Manager in WHM.

    M
     
    #2 mtindor, Jan 19, 2012
    Last edited: Jan 19, 2012
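
An added example, not part of the thread or any poster's code: a short Python triage of Exim main-log lines that groups events by message ID and reports which local origins (U=/P=) actually produced deliveries to a remote host (H=). The sample reuses lines from the first post with its redaction kept; the last message (ID, addresses, host) is hypothetical and constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the first post (its own redaction kept) plus
# one hypothetical remote delivery (message ID, addresses and host are made up).
SAMPLE = '''\
2012-01-18 19:57:21 1RngJd-0000JD-Jr <= root@server.xxxcom U=root P=local S=1091 T="lfd on server.xxx.com: blocked 220.248.230.68 (CN/China/-)" from <root@server.xxxcom> for root
2012-01-18 19:57:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJd-0000JD-Jr
2012-01-18 19:57:21 1RngJd-0000JD-Jr == root@server.xxxcom R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2012-01-18 19:57:21 1RngJd-0000JD-Jr ** root@server.xxxcom: retry timeout exceeded
2012-01-18 19:57:06 1RngJO-0000Il-Jh <= <> R=1RngJO-0000Ij-JA U=mailnull P=local S=1958 T="Mail delivery failed: returning message to sender" from <> for root@server.xxxcom
2012-01-18 19:57:06 1RngJO-0000Il-Jh ** root@server.xxxcom: retry timeout exceeded
2012-01-18 20:01:02 1RngNa-0000Kx-01 <= user@example.com U=nobody P=local S=2210 T="hello" for a@example.net
2012-01-18 20:01:03 1RngNa-0000Kx-01 => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
'''.splitlines()

# timestamp, message ID, event flag, address, remaining fields
LINE = re.compile(r'^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (<=|=>|->|\*\*|==) (\S+)(.*)$')

def field(rest, key):
    """Return the first KEY=value (or KEY="quoted value") on the line, or None."""
    m = re.search(r'(?:^|\s)%s=("[^"]*"|\S+)' % key, rest)
    return m.group(1).strip('"') if m else None

def triage(lines):
    msgs = defaultdict(lambda: {"origin": None, "subject": None, "bounce_of": None,
                                "remote": [], "deferred": [], "failed": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # cwd=/args and "Completed" lines carry no address event
        _, mid, flag, addr, rest = m.groups()
        rec = msgs[mid]
        if flag == "<=":                      # message arrival
            rec["origin"] = (field(rest, "U"), field(rest, "P"))
            rec["subject"] = field(rest, "T")
            # on a bounce (sender <>), R= names the message that failed
            rec["bounce_of"] = field(rest, "R") if addr == "<>" else None
        elif flag in ("=>", "->") and field(rest, "H"):
            rec["remote"].append(addr)        # delivered to a remote host
        elif flag == "==":
            rec["deferred"].append(addr)      # temporary failure
        elif flag == "**":
            rec["failed"].append(addr.rstrip(":"))  # address bounced
    return dict(msgs)

def remote_senders(msgs):
    """Count remote deliveries per (local user, protocol) origin."""
    out = defaultdict(int)
    for rec in msgs.values():
        if rec["remote"]:
            out[rec["origin"]] += len(rec["remote"])
    return dict(out)
```

Run over the two entries from the first post, `remote_senders` reports nothing: both are locally generated messages to root that defer and bounce on the server itself, so only the hypothetical third message shows up as mail that left the host.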