The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Queue and over quota messages

Discussion in 'E-mail Discussions' started by sparek-3, May 20, 2005.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    We're having a mail queue issue on one of our servers. It seems that someone is sending spam to accounts on the server, for example say the domain pencil.com. They are using a fake yahoo address as the return message. The domain pencil.com is is over their quota. What appears to be happening, is because the yahoo address is fake, the message stating that the user is over their quota is staying in our mail queue.

    I thought that the "Discard emails for users who have exceeded their quota instead of keeping them in the queue." option in the WHM would prevent this, but I guess this only pertains to the original message (the spam message). Instead of it sitting in our queue, it is deleted. Is there anyway to prevent the return messages from filling up the queue? There may not be a way, but I thought there might be some exim experts that have worked with this problem before.

    Thanks
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Not that I've found (and you're right about the setting, it unfortunately does only pertain to the original email). I've searched the exim mailing list on this subject before and the only real answer was to play with the bounce retention settings, for example setting the following in the first textarea of the WHM > Exim Configuration Editor > Advanced Mode>

    timeout_frozen_after = 2d
    ignore_bounce_errors_after = 12h


    But don't set those too low. Another solution might be to ensure that the domain has it'd Default Address (catchall) set to :fail: and use a dictionary attack ACL:
    http://www.configserver.com/free/eximdeny.html
     
Loading...

Share This Page