The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail queue loaded

Discussion in 'E-mail Discussions' started by waiel, Dec 5, 2005.

  1. waiel

    waiel Member

    Joined:
    Nov 1, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    HI
    I'm facing a problem with my server. it's in production and contains 130 clients

    the mail queue get loaded easily with spams
    the queue now have 172692 Emails most of what i can see all spam
    and it's sent from unknown user

    i have disabled the user nobody from sending e-mails but still it will continue to send e-mail as nobody ..

    i also checked the logs and created a script to watch the account

    some of the e-mails are sent using e-mail exploits in the clients mail scripts/forms

    My problem is the exim uses up all the ram ( the server have 3 GB of ram and what left free is 19 MB) and CPU usage ( always goes up to 50 till 200 )
    which affect other process and will slowdown the server

    so is there a way to solve this ?
    Is there a way to drop all the e-mails that is not originated from a local user ?!

    Thanks
     
    #1 waiel, Dec 5, 2005
    Last edited: Dec 5, 2005
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    You need to find who is sending out SPAm from your server. It could be one of your clients or a hacker. I suggest you search these forums, since this topic was covered so many times. Good luck!
     
  3. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    Does'nt anyone here have a script to help waiel clean its exim mail spool from some keyswords he found on emails?
     
  4. hergy80

    hergy80 Well-Known Member

    Joined:
    Sep 4, 2004
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
  5. Lyttek

    Lyttek Well-Known Member

    Joined:
    Jan 2, 2004
    Messages:
    770
    Likes Received:
    3
    Trophy Points:
    18

    Sure, but that's attacking the symptoms, not the underlying problem.
     
  6. waiel

    waiel Member

    Joined:
    Nov 1, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
  7. hergy80

    hergy80 Well-Known Member

    Joined:
    Sep 4, 2004
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    Lyttek is right, you really need to find the problem. We recently had an SQL Spam injection on a webcalendar script that caused about 22K e-mails to be send from our mailer to a specific domain (I believe it might have been part of a DoS attack). But you really need to find the problem area first, then just use these scripts to clean up the damage after you've stopped and fixed the problem.
     
Loading...

Share This Page