Large number of Rejected relay attempts on server


Well-Known Member
Sep 20, 2013
cPanel Access Level
Root Administrator
I get a self made report about a very high sender count on one of my servers:

2019-01-15 16:39:40 []:34752 Warning: Sender rate 50099.3 / 1h

I investigate and see that I have a 6 figure amount of "Rejected relay attempts" on the server. In "Mail Delivery Reports" they look like this, all from unknown addresses to unknown addresses. is my servers IP.

Event:    rejected rejected
Sender User:    -remote-
Sender Domain:   
From Address:    [email protected]
Sent Time:    Jan 15, 2019, 5:00:17 PM
Sender Host:
Sender IP:
Authentication:    unauthorized
Recipient:    [email protected]
Delivered To:   
Delivery User:   
Delivery Domain:
Router:    reject
Transport:    **rejected**
Out Time:    Jan 15, 2019, 5:00:17 PM
ID:    1gjR8C-000A2e-Am
Delivery Host:
Delivery IP:
Size:    0 bytes
Result:    Rejected relay attempt: '' From: '[email protected]' To: '[email protected]'
I have never seen such a large number of these and am wondering how I can trace it. It seems all the connections are local so is it a local script I just cannot find through normal means?

I monitor php scripts but that report does not show anything close to these numbers.

I can find all the attempts in exim_mainlog but no identifying pieces other that it's local.

Anyone able to point me in a new direction? Thanks.


Product Owner II
Staff member
Nov 14, 2017
Hi @domeneas

What is output when you run the following?
exigrep 1gjR8C-000A2e-Am /var/log/exim_mainlog
More than likely though it is being rejected it may be that you need to block them from being able to even connect to the server.