The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mailnulll skyrocketing cpu load

Discussion in 'E-mail Discussions' started by NoAgendas, Aug 21, 2006.

  1. NoAgendas

    NoAgendas Guest

    EXIM is skyrocketing the load, all 'mailnull'. I cleared 12k mails from queue, in 10 minutes or less it shot up to 5,000 again.

    How do I trace where this is coming from?

    I have chirpy's exim acl module installed already

    EXIM config:

    untrusted_set_sender = *
    local_from_check = false
    local_sender_retain = true

    timeout_frozen_after = 2d
    ignore_bounce_errors_after = 12h

    domainlist rbl_blacklist = lsearch;/etc/rblblacklist
    domainlist rbl_bypass = lsearch;/etc/rblbypass
    hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist
    message_size_limit = 20MB
    log_selector = +arguments +subject

    timeout_frozen_after = 2d
    ignore_bounce_errors_after = 12h

    acl_not_smtp = acl_check_pipe

    begin acl

    #!!# ACL that is used after the RCPT command


    ##Added Sendmail Bcc and Cc Spam Removal##
    acl_check_pipe:
    #drop condition = ${if match {$message_body}\
    #{\N.*\
    #MIME-Version:.*\N}{true}}
    #log_message = "Spam MIME-Version:$header_subject: "

    #drop condition = ${if match {$message_body}\
    #{\N.*\
    #Reply-To:.*\N}{true}}
    #log_message = "Spam Reply-To:$header_subject: "

    # This will also block attachments
    # drop condition = ${if match {$message_body}\
    # {\N.*\
    # Content-Type:.*\N}{true}}
    # log_message = "Spam: Content-Type: $header_subject: "

    # This will also block attachments
    # drop condition = ${if match {$message_body}\
    # {\N.*\
    # Content-Transfer-Encoding:.*\N}{true}}
    # log_message = "Spam: Content-Transfer-Encoding: $header_subject: "

    drop condition = ${if match {$message_body}\
    {\N.*\
    [Bb][Cc][Cc]:.*\N}{true}}
    log_message = "Spam: BCC: $header_subject: "

    drop condition = ${if match {$message_body}\
    {\N.*\
    [Cc][Cc]:.*\N}{true}}
    log_message = "Spam: CC: $header_subject: "
    accept

    accept
    ##End of Additions ##

    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.
    accept hosts = :

    drop hosts = /etc/exim_deny
    message = Connection denied after dictionary attack
    log_message = Connection denied from $sender_host_address after dictionary attack


    drop message = Appears to be a dictionary attack
    log_message = Dictionary attack (after $rcpt_fail_count failures)
    condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
    condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
    !verify = recipient

    # Accept bounces to lists even if callbacks or other checks would fail
    warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
    condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}

    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}


    # Accept bounces to lists even if callbacks or other checks would fail
    warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
    condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
    {yes}{no}}

    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
    {yes}{no}}

    #if it gets here it isn't mailman

    #sender verifications are required for all messages that are not sent to lists

    require verify = sender
    accept domains = +local_domains
    endpass

    #recipient verifications are required for all messages that are not sent to the local machine
    #this was done at multiple users requests

    message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
    verify = recipient

    accept domains = +relay_domains

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
    hosts = +relay_hosts
    accept hosts = +relay_hosts

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
    condition = ${perl{checkrelayhost}{$sender_host_address}}
    accept condition = ${perl{checkrelayhost}{$sender_host_address}}

    accept hosts = +auth_relay_hosts
    endpass
    message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.
    authenticated = *

    deny message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.


    #!!# ACL that is used after the DATA command
    check_message:
    require verify = header_sender
    accept

    begin rewrite

    nobody@lsearch;/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fai l}"
     

    Attached Files:

    • top.gif
      top.gif
      File size:
      56.9 KB
      Views:
      34
  2. NoAgendas

    NoAgendas Guest

    Code:
    root@server2 [~]# ps aux | grep exim
    root      9887  0.0  0.0  7176 2584 ?        S    06:16   0:00 /usr/bin/perl /scripts/restartsrv_eximstats --restart
    root      9893  0.0  0.0  4292 1164 ?        S    06:16   0:00 /bin/sh /usr/local/cpanel/bin/updateeximstats
    root     13995  0.0  0.0  8040 2580 ?        S    06:20   0:00 /usr/bin/perl /scripts/restartsrv_eximstats --restart
    root     14002  0.0  0.0  5216 1164 ?        S    06:21   0:00 /bin/sh /usr/local/cpanel/bin/updateeximstats
    root     14413  0.0  0.0  8992 2580 ?        S    06:21   0:00 /usr/bin/perl /scripts/restartsrv_eximstats --restart
    root     14570  0.0  0.0  5116 1164 ?        S    06:21   0:00 /bin/sh /usr/local/cpanel/bin/updateeximstats
    mailnull 15018  0.1  0.0  8008 1224 ?        Rs   06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15023  0.0  0.0  8664 1168 ?        Ss   06:22   0:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
    root     15088  0.0  0.0  8100 2576 pts/0    S    06:22   0:00 /usr/bin/perl /scripts/restartsrv_eximstats --restart
    root     15094  0.0  0.0  4680 1160 pts/0    S    06:22   0:00 /bin/sh /usr/local/cpanel/bin/updateeximstats
    mailnull 15119  2.9  0.0  9060 3508 ?        S    06:22   0:01 /usr/sbin/exim -bd -q60m
    mailnull 15123  0.1  0.0     0    0 ?        Z    06:22   0:00 [exim] <defunct>
    mailnull 15176  4.9  0.0  9060 3532 ?        S    06:22   0:02 /usr/sbin/exim -bd -q60m
    mailnull 15188  0.0  0.0  8008 1184 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15193  0.8  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15199  5.8  0.0  9072 3508 ?        S    06:22   0:02 /usr/sbin/exim -bd -q60m
    mailnull 15201  5.7  0.0  9076 3524 ?        D    06:22   0:02 /usr/sbin/exim -bd -q60m
    mailnull 15205  0.0  0.0  8008 1232 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15209  6.1  0.0  9072 3508 ?        S    06:22   0:02 /usr/sbin/exim -bd -q60m
    mailnull 15244  1.8  0.0  9060 3508 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15259  0.1  0.0     0    0 ?        Z    06:22   0:00 [exim] <defunct>
    mailnull 15270  2.5  0.0  9076 3492 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15301  0.1  0.0     0    0 ?        Z    06:22   0:00 [exim] <defunct>
    mailnull 15321  3.9  0.0  9076 3504 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15322  4.2  0.0  9076 3504 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15344  0.9  0.0     0    0 ?        Z    06:22   0:00 [exim] <defunct>
    mailnull 15364  2.2  0.0  8276 2392 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15365  5.3  0.0  9100 3708 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15367  5.3  0.0  9076 3504 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15370  2.6  0.0  9064 3440 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15373  7.4  0.0  9076 3508 ?        R    06:22   0:01 /usr/sbin/exim -bd -q60m
    mailnull 15374  2.5  0.0  8800 3028 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15388  4.9  0.0  8972 3648 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15393  2.9  0.0  9064 3408 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15397  0.0  0.0  3816 1700 ?        S    06:22   0:00 /usr/bin/perl /etc/exim_deny.pl 221.164.24.35
    mailnull 15399  6.2  0.0  9064 3432 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15402  2.8  0.0  8276 2292 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15403  4.9  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15405  3.2  0.0  9064 3408 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15406  2.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15409  6.3  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15412  0.0  0.0  8008 1232 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15422  2.3  0.3 15660 12624 ?       R    06:22   0:00 /usr/bin/perl /etc/exim_deny.pl 201.1.204.142
    mailnull 15425  3.7  0.0  9064 3340 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    root     15430  0.3  0.0  8980 3768 ?        Rs   06:22   0:00 /usr/sbin/exim -Mc 1GF7rc-00040A-Qb
    mailnull 15432  3.9  0.0  9068 3484 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15440  4.0  0.0  9068 3372 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15443  3.6  0.0  8404 2480 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15446  8.0  0.0  9104 3728 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15448  3.7  0.0  8536 2692 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15449  2.4  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15454  4.4  0.0  9064 3408 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15455  4.5  0.0  9072 3504 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15456  4.4  0.0  9064 3440 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15458  8.4  0.0  9076 3504 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15459  9.3  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15462  9.0  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15463  5.2  0.0  9072 3504 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15467  0.0  0.0  8008 1232 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15468  9.2  0.0  9076 3580 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15469  4.9  0.0  9064 3440 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15470  4.9  0.0  9064 3344 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15477  1.4  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15478 10.4  0.0  9064 3436 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15479 10.4  0.0  9076 3504 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15480  5.3  0.0  9072 3500 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15481  3.6  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15482  5.3  0.0  9064 3408 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15483  3.0  0.0  8012 1332 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15485  4.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15487  5.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15488 11.2  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15492  9.8  0.0  9068 3436 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15496  7.5  0.0  9072 3504 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15498 12.8  0.0  9100 3720 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15499  0.0  0.0  8008 1220 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15500 13.1  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15501 14.8  0.0  9076 3508 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15502  7.1  0.0  8800 3032 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15503 15.5  0.0  9076 3500 ?        D    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15504 10.2  0.0  9072 3504 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15507  8.4  0.0  8536 2632 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15514 11.3  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15515  7.3  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15518 10.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15520  0.0  0.0  8008 1220 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15521 19.5  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    root     15524  2.5  0.0  8412 4032 ?        S    06:22   0:00 /usr/sbin/exim -Mc 1GF7rn-0003vr-W2
    mailnull 15525 17.0  0.0  8012 1348 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15526  0.0  0.0  8008 1232 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    root     15531  0.0  0.0  5684  776 pts/0    R+   06:22   0:00 grep exim
    mailnull 15534 40.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15535 40.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15540  0.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15545  0.0  0.0  8012 1300 ?        R    06:22   0:00 /usr/sbin/exim -bd -q60m
    animeinf 15550  0.0  0.0  8412 1680 ?        S    06:22   0:00 /usr/sbin/exim -Mc 1GF7rn-0003vr-W2
    animeinf 15552  0.0  0.0  8412 1312 ?        S    06:22   0:00 /usr/sbin/exim -Mc 1GF7rn-0003vr-W2
    root     15568  0.0  0.0  9868 4036 ?        Ss   06:22   0:00 /usr/sbin/exim -Mc 1GF7rn-000425-J3
    mailnull 15572  0.0  0.0  8008 1232 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15573  0.0  0.0  8008  868 ?        S    06:22   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15574  0.0  0.0  8008  780 ?        S    06:23   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15577  0.0  0.0  8008  780 ?        S    06:23   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15579  0.0  0.0  8008  780 ?        S    06:23   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15581  0.0  0.0  8008  780 ?        S    06:23   0:00 /usr/sbin/exim -bd -q60m
    mailnull 15582  0.0  0.0  8008 1184 ?        S    06:23   0:00 /usr/sbin/exim -bd -q60m
    ayaam    15586  0.0  0.0  9880 1996 ?        D    06:23   0:00 /usr/sbin/exim -Mc 1GF7rn-000425-J3
     
  3. NoAgendas

    NoAgendas Guest

    root@server2 [~]# ps waux | grep -c exim
    93
    root@server2 [~]# lsof -p 15018 |more
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    exim 15018 mailnull cwd DIR 8,3 4096 6176837 /var/spool/exim
    exim 15018 mailnull rtd DIR 8,3 4096 2 /
    exim 15018 mailnull txt REG 8,3 695748 30027544 /usr/sbin/exim
    exim 15018 mailnull mem REG 8,3 12838 8962115 /lib/libutil-2.3.4.so
    exim 15018 mailnull mem REG 8,3 80948 30019650 /usr/lib/libgssapi_krb5.so.2.2
    exim 15018 mailnull mem REG 8,3 45889 8962097 /lib/libnss_files-2.3.4.so
    exim 15018 mailnull mem REG 8,3 30584 8962143 /lib/libpam.so.0.77
    exim 15018 mailnull mem REG 8,3 176195 8962119 /lib/tls/libm-2.3.4.so
    exim 15018 mailnull mem REG 8,3 1451450 8962117 /lib/tls/libc-2.3.4.so
    exim 15018 mailnull mem REG 8,3 211948 8962182 /lib/libssl.so.0.9.7a
    exim 15018 mailnull mem REG 8,3 939304 8962051 /lib/libcrypto.so.0.9.7a
    exim 15018 mailnull mem REG 8,3 1259944 30064910 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
    exim 15018 mailnull mem REG 8,3 413704 30019664 /usr/lib/libkrb5.so.3.2
    exim 15018 mailnull mem REG 8,3 92009 8962121 /lib/tls/libpthread-2.3.4.so
    exim 15018 mailnull mem REG 8,3 77740 8962109 /lib/libresolv-2.3.4.so
    exim 15018 mailnull mem REG 8,3 25487 8962075 /lib/libcrypt-2.3.4.so
    exim 15018 mailnull mem REG 8,3 5668 8962134 /lib/libcom_err.so.2.1
    exim 15018 mailnull mem REG 8,3 93444 8962081 /lib/libnsl-2.3.4.so
    exim 15018 mailnull mem REG 8,3 134640 30019654 /usr/lib/libk5crypto.so.3.0
    exim 15018 mailnull mem REG 8,3 106397 8962124 /lib/ld-2.3.4.so
    exim 15018 mailnull mem REG 8,3 844068 8962161 /lib/tls/i686/libdb-4.2.so
    exim 15018 mailnull mem REG 8,3 13620 8962077 /lib/libdl-2.3.4.so
    exim 15018 mailnull mem REG 8,3 54372 8962128 /lib/libaudit.so.0.0.0
    exim 15018 mailnull mem REG 8,3 21303 8962168 /lib/libsafe.so.2.0.16
    exim 15018 mailnull mem REG 8,3 62248 30019416 /usr/lib/libz.so.1.2.1.2
    exim 15018 mailnull 0u CHR 1,3 2358 /dev/null
    exim 15018 mailnull 1u CHR 1,3 2358 /dev/null
    exim 15018 mailnull 2u CHR 1,3 2358 /dev/null
    exim 15018 mailnull 3u IPv4 22567686 TCP *:smtp (LISTEN)
    exim 15018 mailnull 6w REG 8,3 769127065 6160568 /var/log/exim_mainlog
    root@server2 [~]# /usr/sbin/lsof -p 15018
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    exim 15018 mailnull cwd DIR 8,3 4096 6176837 /var/spool/exim
    exim 15018 mailnull rtd DIR 8,3 4096 2 /
    exim 15018 mailnull txt REG 8,3 695748 30027544 /usr/sbin/exim
    exim 15018 mailnull mem REG 8,3 12838 8962115 /lib/libutil-2.3.4.so
    exim 15018 mailnull mem REG 8,3 80948 30019650 /usr/lib/libgssapi_krb5.so.2.2
    exim 15018 mailnull mem REG 8,3 45889 8962097 /lib/libnss_files-2.3.4.so
    exim 15018 mailnull mem REG 8,3 30584 8962143 /lib/libpam.so.0.77
    exim 15018 mailnull mem REG 8,3 176195 8962119 /lib/tls/libm-2.3.4.so
    exim 15018 mailnull mem REG 8,3 1451450 8962117 /lib/tls/libc-2.3.4.so
    exim 15018 mailnull mem REG 8,3 211948 8962182 /lib/libssl.so.0.9.7a
    exim 15018 mailnull mem REG 8,3 939304 8962051 /lib/libcrypto.so.0.9.7a
    exim 15018 mailnull mem REG 8,3 1259944 30064910 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
    exim 15018 mailnull mem REG 8,3 413704 30019664 /usr/lib/libkrb5.so.3.2
    exim 15018 mailnull mem REG 8,3 92009 8962121 /lib/tls/libpthread-2.3.4.so
    exim 15018 mailnull mem REG 8,3 77740 8962109 /lib/libresolv-2.3.4.so
    exim 15018 mailnull mem REG 8,3 25487 8962075 /lib/libcrypt-2.3.4.so
    exim 15018 mailnull mem REG 8,3 5668 8962134 /lib/libcom_err.so.2.1
    exim 15018 mailnull mem REG 8,3 93444 8962081 /lib/libnsl-2.3.4.so
    exim 15018 mailnull mem REG 8,3 134640 30019654 /usr/lib/libk5crypto.so.3.0
    exim 15018 mailnull mem REG 8,3 106397 8962124 /lib/ld-2.3.4.so
    exim 15018 mailnull mem REG 8,3 844068 8962161 /lib/tls/i686/libdb-4.2.so
    exim 15018 mailnull mem REG 8,3 13620 8962077 /lib/libdl-2.3.4.so
    exim 15018 mailnull mem REG 8,3 54372 8962128 /lib/libaudit.so.0.0.0
    exim 15018 mailnull mem REG 8,3 21303 8962168 /lib/libsafe.so.2.0.16
    exim 15018 mailnull mem REG 8,3 62248 30019416 /usr/lib/libz.so.1.2.1.2
    exim 15018 mailnull 0u CHR 1,3 2358 /dev/null
    exim 15018 mailnull 1u CHR 1,3 2358 /dev/null
    exim 15018 mailnull 2u CHR 1,3 2358 /dev/null
    exim 15018 mailnull 3u IPv4 22567686 TCP *:smtp (LISTEN)
    exim 15018 mailnull 6w REG 8,3 769193960 6160568 /var/log/exim_mainlog
    [/code]
     
  4. NoAgendas

    NoAgendas Guest

    One person is also getting this suddenly on two domains

    Warning: main(): php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /home/help/public_html/index.html on line 310

    Warning: main(http://www.client.com/inc/urcin.php): failed to open stream: Success in /home/help/public_html/index.html on line 310

    Warning: main(): Failed opening 'http://www.client.com/inc/urcin.php' for inclusion (include_path='.:/usr/lib/php') in /home/help/public_html/index.html on line 310


    I ran fixnamed, fixndc, fixrndc, fixbuggynamed, restartsrv_named, did not fix it.

    Strange enough if I do via command line:
    host clientdomain.com

    I get:

    Host clientdomain.com not found: 2(SERVFAIL)'

    Yet dnsstuff.com reporrts the domain up and the site loads fine (but with the error mentioned above).
     
    #4 NoAgendas, Aug 21, 2006
    Last edited by a moderator: Aug 21, 2006
  5. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    I've got the exact same problem (mailnull) - I've opened a ticket with cPanel regarding this.

    I'll let you know if they manage to fix it.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Have you check your exim_mainlog to see if it's incoming or outgoing email? If it's outgoing, enable extended exim logging to see what's causing it.
     
  7. NoAgendas

    NoAgendas Guest

    The problem now is bl.spamcop.net blacklisting on the same server.

    They do not tell you WHO (domain) is the cause, why? How stupid is that?

    By the way, how do I enable exim logging? Isn't that in my exim config that I posted?
     
  8. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    In the Exim Advanced Editor (in the first box), you will find:
    log_selector = +arguments +subject (which is how you currently have it set)

    Change this to log_selector = +all and then tail /var/log/exim_mainlog. You will get lots of information, and will more than likely find which account and script has been compromised.
     
  9. NoAgendas

    NoAgendas Guest

    Please read the first post. It is already setup that way, which I figured but wanted to double check. I am not able to see anything suspicous while tailing the mail log. What info would I possibly look for to be considered suspicious?
     
  10. NoAgendas

    NoAgendas Guest

    Any updates yet?
     
  11. ebinfo

    ebinfo Active Member

    Joined:
    Oct 5, 2005
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    i had something similar happen to me.

    i first restarted EXIM to get rid of all the mailnull processes.

    then i watched my mail queue for a while.

    i noted that somebody was spamming one of the websites hosted on my server.

    meaning, sending mass emails, and make it look like it was sent from a domain on my server using the From header.

    result, all mail that was sent and didn't went to a valid email got bounced back, and went straight to my server all at once.

    this massive email hit the server in such a way that it drove the cpu nuts for a while.

    since most of all the spam email were coming from a specific domain, i had that domain default address point to :fail: no such address here

    not sure if it will fix the problem, but at least now the emails are not going to be inserted in the mail queue for delivery to these non existant addresses, instead they will be just bounced back.

    hope this helps.
     

Share This Page