how to stop spam flood

Discussion in 'E-mail Discussions' started by akkad, Jul 30, 2012.

  1. akkad

    akkad Registered

    cPanel Access Level:
    Root Administrator
    My server is being flooded by some kind of spam botnet. Yesterday, exim and mysql crashed because /var ran out of space, so I emptied the table in the eximstats db, which was at 1.5 GB. I woke up to find that they had crashed again and /var was again at 100%. I moved the mysql data to another partition. I had problems bringing the mysql server back up, only to discover that the eximstats db had crashed and needed repair. After getting everything to work, I found that the eximstats db was at 1.2 GB again. The failures table is growing nonstop and is filled with weird Chinese emails, .com.cn, .com.tw and qq.com. It is increasing at about 100 records/hour.

    And here's an excerpt of /var/log/exim_mainlog, which is now at 275 MB from just the last 4 hours.

    Code:
    2012-07-30 18:10:44 1SuHO0-0008Pa-Ag == lakeharbor@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conne$
    2012-07-30 18:10:44 1SuHO0-0008Pa-Ag == kuda_yu@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connecti$
    2012-07-30 18:10:44 1SuHO0-0008Pa-Ag == leelee4918@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conne$
    2012-07-30 18:10:44 1SuHO0-0008Pa-Ag == koichi1176@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conne$
    2012-07-30 18:10:44 1SuHO0-0008Pa-Ag == lin1314n@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connect$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == paul79jimmy113@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero st$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == r2277r@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: e$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == petercheng67@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == peachwater530@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == qazws789tw@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x010$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == p101209010410@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == p321322@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: $
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == pp1910t@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: $
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == ou4230@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: e$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == pin.ann@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: $
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == qoo1321@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: $
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == p2020555@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100:$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == q19850715@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == pagelike5566@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == ocean6701@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == psvo@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: exi$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == piano_andy@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x010$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == pai6712@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100: $
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == os123808957@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x01$
    2012-07-30 18:10:44 1SuLn0-0007GZ-Tj == play14215@yahoo.com.tw R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x0100$
    2012-07-30 18:10:44 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1SuLn0-0007GZ-Tj
    2012-07-30 18:10:44 1SvqgG-0002nM-Qg Message abandoned: Spool write error (No space left on device) while receiving message from mailnull
    2012-07-30 18:10:47 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1SuNo0-000391-PR
    2012-07-30 18:10:47 1SvqgJ-0002nZ-1K Message abandoned: Spool write error (No space left on device) while receiving message from mailnull
    2012-07-30 18:10:47 1SuNo0-000391-PR Frozen
    2012-07-30 18:10:47 1SuNo0-000391-PR spool file write error while delivering: No space left on device
    2012-07-30 18:10:47 1SvaY0-00009r-H3 Message is frozen
    2012-07-30 18:10:47 1Svar0-0003QC-7u Message is frozen
    2012-07-30 18:10:47 1Svd80-0003ir-61 Message is frozen
    2012-07-30 18:10:47 1SuNS0-0001yE-C4 SMTP error from remote mail server after initial connection: host mta-v4.mail.vip.tp2.yahoo.com [203.188.197.111]: 421 $
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [T$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == fjhd@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection:$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == f52349@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connectio$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == e870788@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connecti$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == elisabet@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connect$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == ese951@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connectio$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == elton_shih@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conne$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == eyy13579@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connect$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == ewvkchoi@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connect$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == eddie0864@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connec$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == evq556632@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connec$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == gakx@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection:$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == f0223326662@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conn$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == donjinchen@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conne$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == f1209305@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connect$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == e072912000@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conne$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == feiy1234@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connect$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == dragon741012@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial con$
    2012-07-30 18:10:48 1SuNS0-0001yE-C4 == future-0526@yahoo.com.tw R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial conn$
    
    
    What can I do to stop this???
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
    Hello,

    Could you check the failures to see if those emails are in your mail queue? If they are, are they bounce backs to your server from someone sending from it? If they are, then you'd want to track down who is sending the emails. We'd need more details for the header message from one of the bounces from Mail Queue Manager to try to assist further.

    Thanks!
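
The triage the reply above asks for (do the deferrals belong to a few queued messages, and which ones) can be started from the main log itself. The following is an added example, not part of the original thread or of cPanel's tooling: it groups Exim `==` (deferred) lines by message ID and recipient domain and counts spool-full errors. The sample log is constructed in the shape of the excerpt above, and `summarize` and `bulk_messages` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the excerpt above (IDs and addresses are made up).
SAMPLE_LOG = """\
2012-07-30 18:10:44 1AAAAA-000001-AA == a1@example.com R=lookuphost T=remote_smtp defer (0): SMTP error
2012-07-30 18:10:44 1AAAAA-000001-AA == a2@example.com R=lookuphost T=remote_smtp defer (0): SMTP error
2012-07-30 18:10:44 1AAAAA-000001-AA == a3@example.net R=lookuphost T=remote_smtp defer (-1): smtp transport
2012-07-30 18:10:44 1AAAAA-000001-AA == a4@example.com R=lookuphost T=remote_smtp defer (0): SMTP error
2012-07-30 18:10:45 1BBBBB-000002-BB == b1@example.org R=lookuphost T=remote_smtp defer (0): SMTP error
2012-07-30 18:10:47 1CCCCC-000003-CC Message abandoned: Spool write error (No space left on device)
2012-07-30 18:10:47 1AAAAA-000001-AA Frozen
"""

# Main log layout: date, time, message ID, then a flag; "==" marks a deferred
# delivery. The ID is three dash-separated alphanumeric fields.
DEFER = re.compile(
    r"^\S+ \S+ (?P<id>\w+-\w+-\w+) == (?P<rcpt>\S+@(?P<dom>\S+))(?: |$)"
)
SPOOL_FULL = "No space left on device"

def summarize(log_text):
    """Return (recipients per message ID, deferrals per domain, spool-full count)."""
    per_msg = defaultdict(set)
    domains = Counter()
    spool_errors = 0
    for line in log_text.splitlines():
        if SPOOL_FULL in line:
            spool_errors += 1
        m = DEFER.match(line)
        if m:
            per_msg[m["id"]].add(m["rcpt"].lower())
            domains[m["dom"].lower()] += 1
    return per_msg, domains, spool_errors

def bulk_messages(per_msg, min_rcpts=3):
    """Message IDs with many distinct deferred recipients, largest first."""
    hits = [(mid, len(r)) for mid, r in per_msg.items() if len(r) >= min_rcpts]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    per_msg, domains, spool_errors = summarize(SAMPLE_LOG)
    for mid, n in bulk_messages(per_msg):
        print(f"{mid}: {n} deferred recipients")
    print("top recipient domains:", domains.most_common(3))
    print("spool-full errors:", spool_errors)
```

Each flagged ID can then be opened in Mail Queue Manager, or with `exim -Mvh <id>`, to read the headers the reply asks for.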
     
  3. hainamtravel

    hainamtravel Registered

    cPanel Access Level:
    Website Owner
    Faced the same problem and I found your suggested solution. Thanks very much!

    tony
     