I'm under attack

M

mystikzen

Member
Mar 18, 2004
13
0
151
Hello all

my server is receiving tons of e-mails from all the world for a specific domain.
This cause the server to be heavily loaded and I see a lot of defunct exim process.
I shut down the exim service to free the load but it's not acceptable for the other customers.

I deleted the domain in /etc/localdomains file but mails are still processed.
:blackhole: and :fail: are not a fix in this case as mails are processed.

Is it possible to disable exim for a specific domain ?

here is a part of the netstat query :

Code: 
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 eve.myserver.com:smtp      mx2.tue.nl:54100            TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      outbound-blu.frontbri:61174 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      avgw.voras.lt:37037         FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      75-144-115-201-Jackso:54559 TIME_WAIT
tcp        0    221 eve.myserver.com:smtp      72-29-67-18.static.di:21318 LAST_ACK
tcp        0      0 eve.myserver.com:44056     burns.kundenserver42.d:auth TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      ns1004.imingo.net:4410      TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.asi-online.de:43856    TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      avsmtp.rejis.org:4282       TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      DNS1.CONZULTEK.NET:44253    TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mbos141-192.alpenstoc:60580 TIME_WAIT
tcp        1     99 eve.myserver.com:smtp      smtp-cpk.frontbridge.:29124 CLOSING
tcp        0      0 eve.myserver.com:smtp      38.100.238.114:36658        TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mailkp.adriatic-sloven:4495 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      piroes01-poub.socgen.:42052 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.thermalceramics.c:3152 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      exprod5og102.obsmtp.c:38857 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      www.gowealthy.com:7338      TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail08a.verio.de:47219      TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      exprod5og101.obsmtp.c:39659 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      smtp7.upil-service.co:42754 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      antispam.tecseed.co.jp:2133 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      ponca.b-h-e.com:44271       TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mspl01.usen.ad.jp:38036     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      gw.cis-electronic.de:42426  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      kishssv05.sakura-utop:37385 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      218.75.46.202:8379          TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      email.aduana.org:47724      TIME_WAIT
tcp        0     68 eve.myserver.com:smtp      smtp-out2.net.av.olea:16850 FIN_WAIT1
tcp        0      0 eve.myserver.com:smtp      msg-scanner3.usc.edu:40532  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      gw.cis-electronic.de:42457  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      broughton.textdrive.c:51981 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      dnssmtp2.fukuda.co.jp:56843 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail1.slthermal.com:2644    TIME_WAIT
tcp        0      0 eve.myserver.com:http      76.250.6.251:1232           FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      203.85.10.161:41801         FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      211.97.172.44:53545         TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      static-14-245-226-77.:51793 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      cmp1.deloitte.com:52341     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.arkemagroup.com:47160  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      ccmail.cc.niigata-u.a:33245 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      speedimax-200-66-99-2:33468 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      altair.benesse.co.jp:42254  FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      www.pixlab.com:46484        TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      exprod5og102.obsmtp.c:38859 TIME_WAIT
tcp        0     68 eve.myserver.com:smtp      smtp-out2.net.av.olea:35280 FIN_WAIT1
tcp        0      0 eve.myserver.com:smtp      atsbg30.netronics.co.:47101 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mx4.lhsystems.com:46308     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      srv893.flexwebhosting:60868 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      kgmail1.kumandgo.com:56448  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail-dub.bigfish.com:44350  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      al-ulya.auto-jardim.co:7921 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.managerialdesign:40545 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      adsl-75-31-230-54.dsl:47622 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      zixvpm.bgfh.com:59809       TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      host152-146-static.5-7:1561 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      boss.sal.tohoku.ac.jp:51617 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      server.haeckert.de:44787    TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.garlington.com:38669   TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mx2.eurorscg.net:48209      TIME_WAIT
tcp        0    102 eve.myserver.com:smtp      cdzms003.cgi.rupa.it:31891  FIN_WAIT1
tcp        0      0 eve.myserver.com:smtp      mail.sterlingnetwork.:53011 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      leda.telerent.com:34013     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      218.38.243.28:40647         TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      bws14.bridgewatersyst:46487 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      caesc.caesc.com:1191        TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      exprod5og102.obsmtp.c:38861 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      wsmtpr04.ezweb.ne.jp:60346  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      post.safecom.co.nz:21980    TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      213.246.215.162:55923       FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      exprod5og102.obsmtp.c:38829 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      smtp.terradon.net:34908     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      master.telconet.net:51817   FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      mi-ob.rzone.de:29087        TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      ncc4.infomail.es:65509      TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      gw-nam2.philips.com:62428   TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      greatwestern.gwproduc:50611 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail13.caremark.com:35494   TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      customer-148-223-175-:59447 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mulnx11.mcs.muohio.ed:55390 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      memova1.tellas.gr:41144     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      imail.guard.com:4891        TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      antibiotix1.salm.fr:18739   TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      n3.grp.bbt.yahoo.co.j:36698 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      wmflb12na02.ezweb.ne.:43356 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mailgate.rkfl.com:50452     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      us02.mail.rninc.net:39244   FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      backup1.mx.expedient.:53092 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      ss92.shared.server-sy:47505 FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      ew162.ips.SecurityBan:64027 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mailrelay008.isp.belg:43733 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      server217-174-250-109:43701 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      sweeper.hk.dk:16619         TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      lollipop.listbox.com:42380  TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      smtp.mistletoetech.co:43943 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      server213-171-221-144:57301 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.0532163.com:3757       TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      nmp2.deloitte.com:36576     TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      exprod5og101.obsmtp.c:39692 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      58.26.137.24:58663          TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      mail.rdvsportsplex.co:53147 TIME_WAIT
tcp        0      0 eve.myserver.com:smtp      exprod5og101.obsmtp.c:39724 TIME_WAIT
tcp        1    107 eve.myserver.com:smtp      mail-dub.bigfish.com:16474  CLOSING
tcp        0      0 eve.myserver.com:smtp      mx1.cyso.net:40565          FIN_WAIT2
tcp        0      0 eve.myserver.com:smtp      blaster.systems.pipex:55320 TIME_WAIT
tcp        0      0 eve.myserver.com:5621      smtp.esn.be:35787           ESTABLISHED
 
C

cbwass

Well-Known Member
Mar 29, 2002
149
0
316
You could try removing the MX record for the domain that has problems in WHM 'Edit DNS Zone'.
 
M

mystikzen

Member
Mar 18, 2004
13
0
151
Infopro said:
#service chkservd stop
#service exim stop
disable exim in Service Manager
#service cpanel restart
#service chkservd start

That should work I think.
Click to expand...
exim service must work for the other customers :/

I have already deleted the MX entry but mails are still coming because of the A entry :/
 
J

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
So it is one particular domain? I would tell them "bye bye" and move on. There was actually some funny business going on with that domain at one point I would assume.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
williama5 I'm not receiving email alert about disc quota from WHM Email 4
E cPanel Email Filters: Those that i'm in bcc? Email 6
I SOLVED Is DKIM possible if I'm not running DNS locally? Email 9
O Being blamed for sending spam but I'm not. Can someone help with log entries? Email 2
Skin Can't send or receive email from hotmail but I'm not banned Email 6
Similar threads
I'm not receiving email alert about disc quota from WHM
cPanel Email Filters: Those that i'm in bcc?
SOLVED Is DKIM possible if I'm not running DNS locally?
Being blamed for sending spam but I'm not. Can someone help with log entries?
Can't send or receive email from hotmail but I'm not banned
Top Bottom