Help Understanding Exim Logs

pestatp

Registered
Jan 19, 2012
cPanel Access Level
Root Administrator
I was told by my provider the other day that my server is sending out spam. So I turned on the extended logging for exim to see where it was coming from so I could delete the script.

But from my understanding of what is being output, it's sending out emails to no one.

I have two entries that show up a lot in the logs and I was hoping someone could help me figure out what they mean.

#1:
2012-01-18 19:57:21 1RngJd-0000JD-Jr <= [email protected] U=root P=local S=1091 T="lfd on server.xxx.com: blocked 220.248.230.68 (CN/China/-)" from <[email protected]> for root
2012-01-18 19:57:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJd-0000JD-Jr
2012-01-18 19:57:21 1RngJd-0000JD-Jr User 0 set for local_delivery transport is on the never_users list
2012-01-18 19:57:21 1RngJd-0000JD-Jr == [email protected] R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2012-01-18 19:57:21 1RngJd-0000JD-Jr ** [email protected]: retry timeout exceeded
2012-01-18 19:57:21 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1RngJd-0000JD-Jr
2012-01-18 19:57:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJd-0000JF-KS
2012-01-18 19:57:21 1RngJd-0000JD-Jr Completed


#2:
2012-01-18 19:57:06 1RngJO-0000Il-Jh <= <> R=1RngJO-0000Ij-JA U=mailnull P=local S=1958 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2012-01-18 19:57:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJO-0000Il-Jh
2012-01-18 19:57:06 1RngJO-0000Il-Jh User 0 set for local_delivery transport is on the never_users list
2012-01-18 19:57:06 1RngJO-0000Il-Jh == [email protected] R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2012-01-18 19:57:06 1RngJO-0000Il-Jh ** [email protected]: retry timeout exceeded
2012-01-18 19:57:06 1RngJO-0000Il-Jh [email protected]: error ignored
2012-01-18 19:57:06 1RngJO-0000Il-Jh Completed


There are hundreds of both of these in the log from the last day, but I don't see what I think I am supposed to be looking for.

Also, I never have emails in my queue and from what I have seen, most people whose servers are sending out spam get a bunch in there.

So any help would be great!
 

mtindor

Well-Known Member
Sep 14, 2004
inside a catfish
cPanel Access Level
Root Administrator
I don't know about your spam problem, since you have no relevant logs for that.

But, for your [email protected] problem, you should be able to do the following:

1. Log in to WHM
2. Click on Change System Mail Preferences under Server Contacts
3. Set a valid email address [preferably not on the server, but it can be] that isn't root or [email protected]
4. Click Change after each one

You might also want to:

5. Log in to WHM
6. Click on Basic cPanel and WHM Setup
7. Click on Contact Information
8. Set a valid email address that is not root or [email protected]
* this probably should be an email account not on the server - some other email you check offsite
* * Enter one or more email addresses to contact in case a problem arises with this server.
9. Save Changes


See if that works for you. Of course, any messages currently in your mail queue destined for [email protected] will continue to be undeliverable so you might as well delete them via the Mail Queue Manager in WHM.

M
 
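Added example, not part of either post: a small Python triage of Exim main-log lines that separates the failing local notices quoted in the thread from mail that actually left the server. The sample lines are constructed (the `exampleuser` account, host names and addresses are placeholders), and skipping `cwd=/var/spool/exim` as Exim's own delivery runs is a heuristic assumption.

```python
import re
from collections import defaultdict
# Constructed sample lines modelled on the entries quoted in the thread;
# host names, addresses and the "exampleuser" account are placeholders.
SAMPLE = '''\
2012-01-18 19:57:21 1RngJd-0000JD-Jr <= root@server.example.com U=root P=local S=1091 T="lfd on server.example.com: blocked 192.0.2.68" for root
2012-01-18 19:57:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1RngJd-0000JD-Jr
2012-01-18 19:57:21 1RngJd-0000JD-Jr == root@server.example.com R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2012-01-18 19:57:21 1RngJd-0000JD-Jr ** root@server.example.com: retry timeout exceeded
2012-01-18 19:57:21 1RngJd-0000JD-Jr Completed
2012-01-18 20:01:02 cwd=/home/exampleuser/public_html/forms 4 args: /usr/sbin/sendmail -t -i
2012-01-18 20:01:02 1RngNC-0000Kx-2b <= exampleuser@server.example.com U=exampleuser P=local S=2210 T="constructed subject"
2012-01-18 20:01:03 1RngNC-0000Kx-2b => someone@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [198.51.100.7]
'''

MSG = re.compile(r'^\S+ \S+ (\w{6}-\w{6}-\w{2}) (<=|=>|->|==|\*\*) (\S+)(.*)$')
CWD = re.compile(r'^\S+ \S+ cwd=(\S+) \d+ args: ')

def summarize(log_text):
    """Group log lines by message id; count directories that submitted mail."""
    msgs = defaultdict(lambda: {"sender": None, "user": None,
                                "remote": [], "deferred": [], "failed": []})
    dirs = defaultdict(int)
    for line in log_text.splitlines():
        c = CWD.match(line)
        # Heuristic: cwd in the spool directory is Exim re-running itself
        # to deliver a queued message, not a script handing mail to Exim.
        if c and c.group(1) != "/var/spool/exim":
            dirs[c.group(1)] += 1
        m = MSG.match(line)
        if not m:
            continue
        mid, flag, addr, rest = m.groups()
        rec = msgs[mid]
        if flag == "<=":          # message arrival
            u = re.search(r' U=(\S+)', rest)
            rec["sender"], rec["user"] = addr, u.group(1) if u else None
        elif flag in ("=>", "->"):
            # H=host [ip] is logged when the delivery went to another host over SMTP
            if " H=" in rest:
                rec["remote"].append(addr)
        else:                     # "==" deferred, "**" failed
            rec["deferred" if flag == "==" else "failed"].append(addr.rstrip(":"))
    return dict(msgs), dict(dirs)

def outbound_by_user(msgs):
    """Remote deliveries per submitting local user (the U= field)."""
    counts = defaultdict(int)
    for rec in msgs.values():
        counts[rec["user"]] += len(rec["remote"])
    return {u: n for u, n in counts.items() if n}
```

Run against a real log, the first message type shows up with an empty `remote` list and only `deferred`/`failed` entries, while any account that appears in `outbound_by_user` together with a non-spool `cwd=` directory is where to start looking.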