How to prevent thousands of messages from entering the send queue

Dec 28, 2017
5
0
1
Itabaiana, Sergipe, Brazil
cPanel Access Level
Root Administrator
Dear. Often my server raises more than 10,000 emails in the outgoing queue in a matter of a few minutes. It turns out that when this happens during the day it becomes easier to monitor and prevent emails from being sent. I can stop Exim, clear the spammer's queue and change his password.

However, the problem is when this occurs at dawn. By the time dawn is over, more than 10,000 emails have already been sent and we end up listed in blacklists and with a poor reputation in SenderBase.

My question is: is there any way to prevent the queue from growing beyond 100 emails?

For example, some script that, when the queue reaches 100 emails, sends a notification to the server administrator and soon afterwards stops Exim.

Is this possible or is there any better way?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,267
463
Dec 28, 2017
5
0
1
Itabaiana, Sergipe, Brazil
cPanel Access Level
Root Administrator
Hello,

You can enable email limits and configure the server to discard all additional outgoing messages for a domain after the domain reaches the value of the Max hourly emails per domain option. We document how to configure this at:

How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

Thank you.
Already configured for the following values:
- Max hourly emails per domain: 250
- The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery: 125% (default)

However, if we make the calculation according to the link that you sent me, the server would send 250 and put 312 in the queue for the next hour. Only that is not what happens; thousands of emails are queued up.

I decided to reduce the values to 150 emails per hour and the percentage value to 100%. I also changed the option "Count mailman deliveries towards a domain’s Max hourly emails" to on.

Is it the fact that the above mailman option is off that allowed thousands of messages to accumulate in the queue, or is something missing?
 

cPanelMichael

Hello,

It's possible. Can you verify the accounts in question were using Mailman to deliver the messages?

Thank you.
 

cPanelMichael

Hello,

Can you verify how the messages were sent out? For instance, was it through a PHP script using the PHP mail function?

Thank you.
 

cPanelMichael

Could you help me with how I can get this information?
You can find one of the messages in /var/log/exim_mainlog and let us know the output. EX:

Code:
exigrep user@domain /var/log/exim_mainlog
Note that you will need to replace references to real domain names and IP addresses with examples when pasting the output here, and we only need a single transaction (not the entire output of the command). See:

Reading and Understanding the exim main_log

Thank you.
 
Dec 28, 2017
5
0
1
Itabaiana, Sergipe, Brazil
cPanel Access Level
Root Administrator
Example of some of the messages that have been sent:

2017-12-27 20:19:00 1eUKyR-0005jF-9K <= user@domain H=([127.0.0.1]) [189.57.228.254]:2061 P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=dovecot_plain:user@domain S=924 id=1e7kn4r-tom5z2-E5@domain T="hey there" for [removed]
 

cPanelMichael

Hello,

That suggests the message was sent directly from an email account. Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look at your system to ensure the email limit functionality is working as expected.

Thank you.
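
The reading of the log entry above (an A=dovecot_plain field means an authenticated mailbox login, not a PHP script) can be applied to every arrival line in exim_mainlog. The following is an added example, not part of the thread or of cPanel's tooling: it counts `<=` lines per hour and per submitting identity and reports those over a limit. The sample lines, the limit, and the treatment of `P=local` with `U=` as a local (script) submission are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry quoted in the thread;
# addresses, IPs and message ids are placeholders, not real data.
SAMPLE_LOG = """\
2017-12-27 20:19:00 1eUKyR-0005jF-9K <= user@example.com H=([127.0.0.1]) [192.0.2.10]:2061 P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=dovecot_plain:user@example.com S=924 id=a1@example.com T="hey there" for a@example.net
2017-12-27 20:19:01 1eUKyS-0005jG-AB <= user@example.com H=([127.0.0.1]) [192.0.2.10]:2062 P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=dovecot_plain:user@example.com S=930 id=a2@example.com T="hey there" for b@example.net
2017-12-27 20:19:02 1eUKyT-0005jH-CD <= user@example.com H=([127.0.0.1]) [192.0.2.10]:2063 P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=dovecot_plain:user@example.com S=918 id=a3@example.com T="hey there" for c@example.net
2017-12-27 20:45:10 1eULNq-0006aB-7x <= webuser@host.example.com U=webuser P=local S=1201 T="re: A=dovecot_plain:boss@example.com" for d@example.net
2017-12-27 20:45:11 1eULNq-0006aB-7x => d@example.net R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [198.51.100.7]
"""

# Arrival line: timestamp (captured to the hour), message id, "<=", envelope sender.
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} \S+ <= (\S+) (.*)$")
# Only fields that start a space-separated token, so H=(A=...) cannot spoof one.
FIELD = re.compile(r"(?:^| )([PAU])=(\S+)")


def senders_over_limit(log_text, limit):
    """Return {(hour, kind, identity): count} for identities above `limit` per hour."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), deferrals, etc. are not submissions
        hour, env_from, rest = m.groups()
        # The subject is sender-controlled; drop it before reading fields.
        rest = rest.split(' T="', 1)[0]
        fields = dict(FIELD.findall(rest))
        if "A" in fields:
            # A=authenticator:login -> a mailbox password was used (SMTP AUTH)
            kind, who = "smtp-auth", fields["A"].split(":", 1)[-1]
        elif fields.get("P") == "local":
            # Assumption: local submission by system user U= (e.g. a script)
            kind, who = "local", fields.get("U", env_from)
        else:
            kind, who = "unauthenticated", env_from
        counts[(hour, kind, who)] += 1
    return {key: n for key, n in counts.items() if n > limit}


if __name__ == "__main__":
    for (hour, kind, who), n in sorted(senders_over_limit(SAMPLE_LOG, 2).items()):
        print(f"{hour}:00 {kind} {who}: {n} messages")
```

An identity reported as smtp-auth points to a mailbox whose password should be changed, while a local identity points to a script under that system user.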