I'm under attack

Discussion in 'E-mail Discussion' started by mystikzen, Nov 27, 2007.

  1. mystikzen

    mystikzen Member

    Hello all,

    My server is receiving tons of e-mails from all over the world for a specific domain.
    This causes the server to be heavily loaded and I see a lot of defunct exim processes.
    I shut down the exim service to free the load but it's not acceptable for the other customers.

    I deleted the domain in the /etc/localdomains file but mails are still processed.
    :blackhole: and :fail: are not a fix in this case as mails are processed.

    Is it possible to disable exim for a specific domain?

    Here is a part of the netstat query:

  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    #service chkservd stop
    #service exim stop
    disable exim in Service Manager
    #service cpanel restart
    #service chkservd start

    That should work I think.
     
  3. cbwass

    cbwass Well-Known Member

    You could try removing the MX record for the domain that has problems in WHM 'Edit DNS Zone'.
     
  4. mystikzen

    mystikzen Member

    The exim service must work for the other customers :/

    I have already deleted the MX entry but mails are still coming because of the A entry :/
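
What the post above observes follows from how a sending mail server picks its SMTP target: when a domain has no MX record, its own address record is used as an implicit MX (RFC 5321 section 5.1). The sketch below is an added example, not part of the original thread; it goes one step further than the post by also modelling the null MX of RFC 7505, and the zone data (example.com, 192.0.2.10) is constructed.

```python
# Added example: target selection a sending MTA performs for a recipient domain.
# Zone contents are constructed placeholders, not data from the thread.

def smtp_targets(domain, zone):
    """Return the ordered list of hosts a sender will try for `domain`.

    `zone` maps (name, rrtype) -> list of record values.
    MX values are (preference, exchange) tuples; A/AAAA values are addresses.
    """
    mx = zone.get((domain, "MX"), [])
    if mx:
        # Null MX (RFC 7505): a single MX whose exchange is "." declares
        # that the domain accepts no mail, so the sender must not try.
        if len(mx) == 1 and mx[0][1] == ".":
            return []
        # Normal case: lowest preference value is tried first.
        # (Real MTAs randomise among equal preferences; omitted here.)
        return [exchange for _pref, exchange in sorted(mx)]
    # No MX at all: the domain name itself becomes an implicit MX
    # as long as it has an address record.
    if zone.get((domain, "A")) or zone.get((domain, "AAAA")):
        return [domain]
    return []  # nothing to connect to, mail is undeliverable


def build_zones():
    """Four constructed states of the same zone."""
    original = {
        ("example.com", "MX"): [(10, "mail.example.com"), (0, "eve.example.com")],
        ("example.com", "A"): ["192.0.2.10"],
    }
    # MX deleted, A record kept (the situation described in the post).
    mx_removed = {k: v for k, v in original.items() if k[1] != "MX"}
    # A record kept for the website, null MX published for mail.
    null_mx = dict(mx_removed)
    null_mx[("example.com", "MX")] = [(0, ".")]
    no_records = {}
    return original, mx_removed, null_mx, no_records


if __name__ == "__main__":
    labels = ("original", "MX removed", "null MX", "no records")
    for label, zone in zip(labels, build_zones()):
        print(f"{label:11} -> {smtp_targets('example.com', zone)}")
```

Senders that ignore DNS policy will still connect, so the SMTP listener has to reject recipients in that domain as well.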
     
  5. jayh38

    jayh38 Well-Known Member

    So it is one particular domain? I would tell them "bye bye" and move on. There was actually some funny business going on with that domain at one point I would assume.
     