How to prevent thousands of messages from entering the send queue

Dec 28, 2017
5
0
1
Itabaiana, Sergipe, Brazil
cPanel Access Level
Root Administrator
Dear. Often my server raises more than 10,000 emails in the outgoing queue in a matter of a few minutes. It turns out that when this happens during the day it becomes easier to monitor and prevent emails from being sent. I can stop Exim, clear the spammer's queue and change his password.

However, the problem is when this occurs at dawn. Then when dawn is already over 10,000 emails sent and we ended up listed in blacklists and poor reputation in the senderbase.

My question is: is there any way to prevent the queue from increasing more than 100 emails.

For example, some script that when the queue reaches 100 emails it sends a notification to the server administrator and soon it will stop the exim.

Is this possible or is there any better way?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Dec 28, 2017
5
0
1
Itabaiana, Sergipe, Brazil
cPanel Access Level
Root Administrator
Hello,

You can enable email limits and configure the server to discard all additional outgoing messages for a domain after the domain reaches the value of the Max hourly emails per domain option. We document how to configure this at:

How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

Thank you.
Already configured for the following values:
- Max hourly emails per domain: 250
- The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery. : 125% (default)

However, if we make the calculation according to the link that you sent me, the server would send 250 and put in queue 312 for the next hour. Only that is not what happens, queuing up thousands of emails.

I decided to reduce the values to 150 emails per hour is the percentage value to 100%. I also changed the values from option "Count mailman deliveries towards a domain’s Max hourly emails" to on.

Is it the fact that the above mailman option is off that allowed thousands of messages to accumulate in the queue, or is something missing?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Is it the fact that the above mailman option is off that allowed thousands of messages to accumulate in the queue, or is something missing?
Hello,

It's possible. Can you verify the accounts in-question were using Mailman to deliver the messages?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Can you verify how the messages were sent out? For instance, was it through a PHP script using the PHP mail function?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Could you help me how can I get this information?
You can find one of the messages in /var/log/exim_mainlog and let us know the output. EX:

Code:
exigrep [email protected] /var/log/exim_mainlog
Note that you will need to replace references to real domain names and IP addresses with examples when pasting the output here, and we only need a single transaction (not the entire output of the command). See:

Reading and Understanding the exim main_log

Thank you.
 
Dec 28, 2017
5
0
1
Itabaiana, Sergipe, Brazil
cPanel Access Level
Root Administrator
You can find one of the messages in /var/log/exim_mainlog and let us know the output. EX:

Code:
exigrep [email protected] /var/log/exim_mainlog
Note that you will need to replace references to real domain names and IP addresses with examples when pasting the output here, and we only need a single transaction (not the entire output of the command). See:

Reading and Understanding the exim main_log

Thank you.
Example of some of the messages that have been sent:

2017-12-27 20:19:00 1eUKyR-0005jF-9K <= [email protected] H=([127.0.0.1]) [189.57.228.254]:2061 P=esmtpsa X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no A=dovecot_plain:[email protected] S=924 [email protected] T="hey there" for [removed]
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

That suggests the message was sent directly from an email account. Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look at your system to ensure the email limit functionality is working as expected.

Thank you.