I'm being Email DOSed. Exim load high.

thenetbox

Member
Jul 5, 2003
For a few days multiple instances of exim start up and server load goes to 15 or 20 and the mail queue fills up to 1000 or more.

When I view the eximmaillog I only see:

....
2003-12-21 14:11:05 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:05 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:05 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:05 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:06 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:06 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:06 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:07 1AXp5y-0005Kt-Kq ** [email protected] R=fail_remote_domains: unrouteable mail domain "aol.com"
....


There are literally 1000s of these coming in.

I have tried to route them to blackhole.. or fail.. but they really aren't going anywhere..

There is no IP that I can block.

I have removed all formmails and cgiemail and everything that I could find..

I have made the MX record of a suspect account localhost.. but nothing.

I have every sort of antispam running but it's not helping.

It seems like a DOS and I'm almost helpless in front of it.

The emails are mostly about pirated Adobe software.

Please help .. :(
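
A triage step for the log excerpt above, as an added example that is not part of the original post: the visible failure lines all carry the same message ID, so grouping the ** lines by ID and reading that ID's <= arrival line shows which message is fanning out and how it entered Exim. Apart from the message ID 1AXp5y-0005Kt-Kq, every log line below is constructed, and the U=nobody P=local arrival line is an assumption, not something shown in the thread.

```python
import re
from collections import defaultdict

# Exim main log: date, time, message id, flag (<= arrival, ** failed delivery), address, rest
LINE = re.compile(r"^(\S+ \S+) ([0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) (<=|\*\*) (\S+)(.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")

# Constructed sample; only the first message ID appears in the thread.
SAMPLE = """\
2003-12-21 14:10:58 1AXp5y-0005Kt-Kq <= nobody@host.example.net U=nobody P=local S=2140
2003-12-21 14:11:05 1AXp5y-0005Kt-Kq ** rcpt1@aol.com R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:05 1AXp5y-0005Kt-Kq ** rcpt2@aol.com R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:06 1AXp5y-0005Kt-Kq ** rcpt3@aol.com R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:11:07 1AXp5y-0005Kt-Kq ** rcpt4@aol.com R=fail_remote_domains: unrouteable mail domain "aol.com"
2003-12-21 14:12:00 1AXp7b-0005Lm-2x <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=1822
2003-12-21 14:12:01 1AXp7b-0005Lm-2x ** bob@invalid.example R=fail_remote_domains: unrouteable mail domain "invalid.example"
""".splitlines()

def triage(lines, threshold=3):
    """Return (msg_id, info) for messages with >= threshold failed recipients, worst first."""
    msgs = defaultdict(lambda: {"sender": None, "source": {}, "failed": set(), "routers": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not arrivals or failed deliveries
        _, msg_id, flag, addr, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        entry = msgs[msg_id]
        if flag == "<=":
            entry["sender"] = addr
            # H= remote host, U= local user, P= protocol (local = submitted on this server)
            entry["source"] = {k: fields[k] for k in ("H", "U", "P") if k in fields}
        else:
            entry["failed"].add(addr)
            if "R" in fields:
                entry["routers"].add(fields["R"].rstrip(":"))
    hits = [(i, e) for i, e in msgs.items() if len(e["failed"]) >= threshold]
    return sorted(hits, key=lambda item: len(item[1]["failed"]), reverse=True)

if __name__ == "__main__":
    for msg_id, e in triage(SAMPLE):
        print(msg_id, len(e["failed"]), "failed rcpts; sender", e["sender"], e["source"], sorted(e["routers"]))
```

An arrival line with P=local and a U= value points at an account or script on the server itself, which would explain why there is no remote IP to block.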
 

markie

BANNED
Oct 5, 2003
My suggestion to you is to follow this modification. It will stop those pesky emails from arriving and offer you hope.

http://cvf.net/ForTheEximEditor.txt
 

Slav

Well-Known Member
Oct 28, 2002
Originally posted by markie
Hello! You're welcome!
That's the normal response you get from a user under 10 posts that expects a fix then never says anything. :mad:
 

damainman

Well-Known Member
Nov 13, 2003
Re: Re: I'm being Email DOSed. Exim load high.

Originally posted by markie
My suggestion to you is to follow this modification. It will stop those pesky emails from arriving and offer you hope.

http://cvf.net/ForTheEximEditor.txt
Looks like someone should suggest that to cPanel lol...

In a part of that link I read something that said "this is not done in the current version of cpanel"

But what version is it talking about?.. How recent is that code and have any problems arisen from using it? It seems very useful but where's the documentation for it?

Thanks for the link though, I see a lot of useful resources in it.