My server has a load average of 105.80. Somebody is using the Exim of my server.

WhiteBear

Please, can you help me?

They are using my server to make spam. How do I solve this problem?

Thank you,

WhiteBear
 

bjarne

At least check the mail queue and delete it if it is huge - more than 1000 emails.

Check WHM settings and set a max each domain can send per hour, remove the formmail and if that does not help - call 911 :)

No, but you could remove permissions for nobody to send mail - that would help.

If load is critical, try and stop the Apache webserver for a little while; that might actually help.

Removing the mailq and looking at what gets there can help you track the spammer - which domain is being used.
 

WhiteBear

This is one of the headers used by the spammer:

1Bpa4l-0003Pd-4g-H
mailnull 47 12
<>
1090965935 0
-ident mailnull
-received_protocol local
-body_linecount 53
-frozen 1090965935
-localerror
XX
1
[email protected]

149P Received: from mailnull by server.server.com with local (Exim 4.34)
id 1Bpa4l-0003Pd-4g
for [email protected]; Tue, 27 Jul 2004 19:05:35 -0300
044 X-Failed-Recipients: [email protected]
031 Auto-Submitted: auto-generated
061F From: Mail Delivery System <[email protected]>
026T To: [email protected]
059 Subject: Mail delivery failed: returning message to sender
050I Message-Id: <[email protected]>
038 Date: Tue, 27 Jul 2004 19:05:35 -0300
 

WhiteBear

This is a complete message that is in the mail queue:

1BpZDg-0007XO-A4-H
mailnull 47 12
<>
1090962644 0
-ident mailnull
-received_protocol local
-body_linecount 65
-frozen 1090962644
-localerror
XX
1
[email protected]

152P Received: from mailnull by server.server.com with local (Exim 4.34)
id 1BpZDg-0007XO-A4
for [email protected]; Tue, 27 Jul 2004 18:10:44 -0300
123 X-Failed-Recipients: [email protected],
[email protected],
[email protected],
[email protected],
[email protected]
031 Auto-Submitted: auto-generated
061F From: Mail Delivery System <[email protected]>
029T To: [email protected]
059 Subject: Mail delivery failed: returning message to sender
050I Message-Id: <[email protected]>
038 Date: Tue, 27 Jul 2004 18:10:44 -0300


1BpZDg-0007XO-A4-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mailer after MAIL FROM:<[email protected]>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
[email protected]
SMTP error from remote mailer after MAIL FROM:<[email protected]>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
[email protected]
SMTP error from remote mailer after MAIL FROM:<[email protected]>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
[email protected]
SMTP error from remote mailer after MAIL FROM:<[email protected]>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE
[email protected]
SMTP error from remote mailer after MAIL FROM:<[email protected]>:
host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
DNS FAILURE

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from nobody by server.server.com with local (Exim 4.34)
id 1BpZDg-0007XL-4A; Tue, 27 Jul 2004 18:10:44 -0300
To: [email protected],[email protected],[email protected],[email protected],[email protected]
Subject: Workplace taking up all your time and need that extra degree?
From: <[email protected]>
X-Mailer: Servico de formulario gratuito - Webmasters Online
Message-Id: <[email protected]>
Date: Tue, 27 Jul 2004 18:10:44 -0300


recipient = [email protected],[email protected],[email protected],[email protected],[email protected]+============================================+
subject = Workplace taking up all your time and need that extra degree?+============================================+
email = [email protected]+============================================+
FSvSthSyAx29447 =

It's now possible to Earn Affordable Accredited Degree!

*No Studies
*No Attendance
*No Waiting
*No Examinations

Just a dial-pad away_1-253-369-6717 B4zGCJvIaGu6CIO0woy2kg


Stop.Receivng E-mails geocities.com/jedwardwi/hey







+============================================+
realname = bernus07+============================================+


Thank you,

WhiteBear
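
The bounce posted above can be read mechanically: the part after the "This is a copy of the message" marker is the original spam, and its `Received: ... with local` line names the local account that handed it to Exim. The following is an added example, not part of any forum post; the function names are hypothetical and the sample input is constructed with placeholder addresses in the shape of the message above.

```shell
#!/bin/sh
# Added example: read an Exim bounce body on stdin and report who submitted
# the original message. Function names are hypothetical.

summarize_bounce() {
    awk '
        # Everything after this marker is the copy of the message that bounced.
        /^-+ This is a copy of the message/ { in_copy = 1; next }
        # Before the marker, one "SMTP error" line follows each failed address.
        !in_copy && /SMTP error from remote mailer/ { failed++ }
        # "with local" means a local account handed the mail to Exim;
        # field 3 of that Received line is the account name.
        in_copy && !user && /^Received: from [^ ]+ by .* with local/ { user = $3 }
        in_copy && /^X-Mailer: / { sub(/^X-Mailer: /, ""); mailer = $0 }
        # Stop at the blank line that ends the copied headers.
        in_copy && seen_hdr && /^$/ { exit }
        in_copy && /^[A-Za-z-]+: / { seen_hdr = 1 }
        END { printf "user=%s failed=%d mailer=%s\n", user, failed, mailer }
    '
}

# Constructed sample (placeholder addresses), shaped like the post above.
sample_bounce() {
    cat <<'EOF'
This message was created automatically by mail delivery software.

  rcpt1@example.net
    SMTP error from remote mailer after MAIL FROM:<sender@example.org>:
    host mx.example.net [192.0.2.10]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE
  rcpt2@example.net
    SMTP error from remote mailer after MAIL FROM:<sender@example.org>:
    host mx.example.net [192.0.2.10]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE

------ This is a copy of the message, including all the headers. ------

Return-path: <sender@example.org>
Received: from nobody by server.example.com with local (Exim 4.34)
	id 1BpZDg-0007XL-4A; Tue, 27 Jul 2004 18:10:44 -0300
To: rcpt1@example.net,rcpt2@example.net
X-Mailer: Servico de formulario gratuito - Webmasters Online

recipient = rcpt1@example.net,rcpt2@example.net
EOF
}

sample_bounce | summarize_bounce
```

On a live server the same function can read the output of `exim -Mvb <message-id>`. A result of `user=nobody` together with a form-mailer `X-Mailer` points at a web form script running under the web server account, which is what the "remove the formmail" and "prevent nobody from sending mail" suggestions in this thread address.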
 

sawbuck

Have you tried anything suggested so far? Do you have any of the normal restrictions in place, i.e. user "nobody" allowed to send email, etc.? You can add logging to exim and then tail the mainlog file. Also grep "message ID" /var/log/exim_*
 

sawbuck

Assuming you have root access to WHM: Service Configuration >> Exim Configuration Editor >> Verify the existence of email senders.
Also in WHM under Server Setup >> Tweak Settings >> Prevent user nobody from sending email. You should also consider limiting the number of emails per hour allowed to be sent.
 

WhiteBear

Done. I will watch to see whether the sending of e-mails continues.

Thank you, Sawbuck

WhiteBear
 

hicom

I'm wondering, doesn't limiting the emails per hour allowed to be sent per domain also cause problems with large Mailman mailing lists?
 

sawbuck

It can, but you can adjust it accordingly when you get your spam problem under control. You can also throttle back large lists to only send a certain number per hour.