
My server has a load average of 105.80. Somebody is using the Exim of my server.

Discussion in 'General Discussion' started by WhiteBear, Jul 27, 2004.

  1. WhiteBear

    Please, can you help me?

    They are using my server to send spam. How do I solve this problem?

    Thank you,

    WhiteBear
     
  2. bjarne

    At least check the mail queue and delete it if it is huge - more than 1000 emails.

    Check WHM settings and set a max each domain can send per hour, remove the formmail and if that does not help - call 911 :)

    No, but you could remove permissions for nobody to send mail - that would help.

    If load is critical, try to stop the Apache webserver for a little while; that might actually help.

    Removing the mailq and watching what gets there can help you track the spammer - which domain is being used.
     
  3. sawbuck

    Have you turned on SMTP authentication in WHM Service Configuration?
     
  4. WhiteBear

    This is one of the headers used by the spammer:

    1Bpa4l-0003Pd-4g-H
    mailnull 47 12
    <>
    1090965935 0
    -ident mailnull
    -received_protocol local
    -body_linecount 53
    -frozen 1090965935
    -localerror
    XX
    1
    BKJPMZWYNRU@yahoo.com

    149P Received: from mailnull by server.server.com with local (Exim 4.34)
    id 1Bpa4l-0003Pd-4g
    for BKJPMZWYNRU@yahoo.com; Tue, 27 Jul 2004 19:05:35 -0300
    044 X-Failed-Recipients: usua@server.server.com
    031 Auto-Submitted: auto-generated
    061F From: Mail Delivery System <Mailer-Daemon@server.server.com>
    026T To: BKJPMZWYNRU@yahoo.com
    059 Subject: Mail delivery failed: returning message to sender
    050I Message-Id: <E1Bpa4l-0003Pd-4g@server.server.com>
    038 Date: Tue, 27 Jul 2004 19:05:35 -0300
     
  5. WhiteBear

    This is a complete message that is in the mail queue:

    1BpZDg-0007XO-A4-H
    mailnull 47 12
    <>
    1090962644 0
    -ident mailnull
    -received_protocol local
    -body_linecount 65
    -frozen 1090962644
    -localerror
    XX
    1
    bernus07wJHVUP@bsixm.net

    152P Received: from mailnull by server.server.com with local (Exim 4.34)
    id 1BpZDg-0007XO-A4
    for bernus07wJHVUP@bsixm.net; Tue, 27 Jul 2004 18:10:44 -0300
    123 X-Failed-Recipients: bernus95@aol.com,
    sarah82683@aol.com,
    tazehouse@aol.com,
    tazeguigui@aol.com,
    bernus07@aol.com
    031 Auto-Submitted: auto-generated
    061F From: Mail Delivery System <Mailer-Daemon@server.server.com>
    029T To: bernus07wJHVUP@bsixm.net
    059 Subject: Mail delivery failed: returning message to sender
    050I Message-Id: <E1BpZDg-0007XO-A4@server.server.com>
    038 Date: Tue, 27 Jul 2004 18:10:44 -0300


    1BpZDg-0007XO-A4-D
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    bernus95@aol.com
    SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
    host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE
    sarah82683@aol.com
    SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
    host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE
    tazehouse@aol.com
    SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
    host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE
    tazeguigui@aol.com
    SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
    host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE
    bernus07@aol.com
    SMTP error from remote mailer after MAIL FROM:<bernus07wJHVUP@bsixm.net>:
    host mailin-01.mx.aol.com [64.12.138.57]: 550 REQUESTED ACTION NOT TAKEN:
    DNS FAILURE

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <bernus07wJHVUP@bsixm.net>
    Received: from nobody by server.server.com with local (Exim 4.34)
    id 1BpZDg-0007XL-4A; Tue, 27 Jul 2004 18:10:44 -0300
    To: bernus07@aol.com,tazeguigui@aol.com,tazehouse@aol.com,sarah82683@aol.com,bernus95@aol.com
    Subject: Workplace taking up all your time and need that extra degree?
    From: <bernus07wJHVUP@bsixm.net>
    X-Mailer: Servico de formulario gratuito - Webmasters Online
    Message-Id: <E1BpZDg-0007XL-4A@server.server.com>
    Date: Tue, 27 Jul 2004 18:10:44 -0300


    recipient = bernus07@aol.com,tazeguigui@aol.com,tazehouse@aol.com,sarah82683@aol.com,bernus95@aol.com+============================================+
    subject = Workplace taking up all your time and need that extra degree?+============================================+
    email = bernus07wJHVUP@bsixm.net+============================================+
    FSvSthSyAx29447 =

    It's now possible to Earn Affordable Accredited Degree!

    *No Studies
    *No Attendance
    *No Waiting
    *No Examinations

    Just a dial-pad away_1-253-369-6717 B4zGCJvIaGu6CIO0woy2kg


    Stop.Receivng E-mails geocities.com/jedwardwi/hey







    +============================================+
    realname = bernus07+============================================+


    Thank you,

    WhiteBear
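
A triage sketch for a queue full of bounces like the one above, added here as an example and not part of any forum post: it reads bounce bodies (Exim `-D` spool files), pulls out the copy of the original message, and totals recipients per local submitting user and X-Mailer, the two fields that point at a web form script in the dump (`from nobody ... with local`). The sample bounces, host names and addresses are constructed.

```python
import re
from collections import Counter
MARKER = "This is a copy of the message, including all the headers."
LOCAL_RX = re.compile(r"^Received: from (\S+) by \S+ with local\b", re.M)
# Constructed sample data (all names made up): bodies of two frozen bounces,
# shaped like the -D spool file quoted in the thread.
TEMPLATE = """A message that you sent could not be delivered.
------ {marker} ------

Return-path: <{sender}>
Received: from {user} by server.example with local (Exim 4.34)
\tid 1AAAAA-000000-00; Tue, 27 Jul 2004 18:10:44 -0300
To: {to}
{extra}Subject: constructed sample

body text
"""
SAMPLES = [
    TEMPLATE.format(marker=MARKER, sender="x1@spam.example", user="nobody",
                    to="a@example.com,b@example.com,\n\tc@example.com",
                    extra="X-Mailer: Example form mailer\n"),
    TEMPLATE.format(marker=MARKER, sender="alice@site.example", user="alice",
                    to="d@example.net", extra=""),
]

def parse_bounce(text):
    """Describe the original message quoted inside one Exim bounce body."""
    _, found, copy = text.partition(MARKER)
    if not found:
        return None  # not a bounce carrying a copy of the original
    head = copy.lstrip("- \n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    fields = {}
    for line in head.splitlines():
        name, colon, value = line.partition(":")
        if colon:
            fields.setdefault(name.strip().lower(), value.strip())
    local = LOCAL_RX.search(head)  # user that submitted the mail locally
    rcpts = [a for a in fields.get("to", "").split(",") if a.strip()]
    return {"local_user": local.group(1) if local else None,
            "return_path": fields.get("return-path", "").strip("<>"),
            "x_mailer": fields.get("x-mailer"), "rcpt_count": len(rcpts)}

def summarize(bounces):
    """Total recipients per (local user, X-Mailer), busiest source first."""
    totals = Counter()
    for info in filter(None, map(parse_bounce, bounces)):
        totals[(info["local_user"], info["x_mailer"])] += info["rcpt_count"]
    return totals.most_common()
```

A source dominated by one local user and one X-Mailer string narrows the search to the script that sets that header.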
     
  6. sawbuck

    Have you tried anything suggested so far? Do you have any of the normal restrictions in place, i.e. user "nobody" allowed to send email, etc.? You can add logging to exim and then tail the mainlog file. Also grep "message ID" /var/log/exim_*
     
  7. WhiteBear


    How do I configure SMTP authentication in WHM?

    Thank you,

    WhiteBear
     
  8. sawbuck

    Assuming you have root access to WHM: Service Configuration >> Exim Configuration Editor >> Verify the existence of email senders.
    Also in WHM under Server Setup >> Tweak Settings >> Prevent user nobody from sending email. You should also consider limiting the number of emails per hour allowed to be sent.
     
    #8 sawbuck, Jul 27, 2004
    Last edited: Jul 27, 2004
  9. WhiteBear

    Done. I will watch to see whether the sending of e-mails continues.

    Thank you, Sawbuck

    WhiteBear
     
  10. hicom

    I'm wondering, doesn't limiting the emails per hour allowed to be sent per domain also cause problems with large Mailman mailing lists?
     
  11. sawbuck

    It can, but you can adjust it accordingly when you get your spam problem under control. You can also throttle back large lists to only send a certain number per hour.
     