The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem: Server sending SPAM mails. Mail Queue with thousand of mails

Discussion in 'E-mail Discussions' started by jaimesuez, Jun 7, 2011.

  1. jaimesuez

    jaimesuez Member

    Joined:
    Apr 11, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    My server is sending SPAM mails. There are more than 4096 mails in queue. When I delete de mails in queue, in minutes it's get over thousand again.

    I attach TOP order by CPU and by Memory. Also attach an example of the mail queue and the mails that are sent.

    Please help that my server runs out of memory all the time.

    top.png
    top2.png
    mail queue.png
    View attachment mail example.txt
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Are you using DSO on the machine for the PHP handler? If so, I would suggest switching to suPHP and then changing this to "On" in WHM > Tweak Settings:

    The email you've provided was sent by the user nobody, so it isn't even possible to track down any other details without a lot of effort:

    By preventing nobody from sending emails, you'll stop these emails. Unfortunately, if you are using DSO for the PHP handler (WHM > Apache Configuration > PHP and SuExec Configuration area shows your current PHP handler), then you cannot stop the user nobody from sending emails as PHP scripts run as nobody and any mail script will run as that nobody user.

    Here are some additional tips for configuring exim to improve detection of spammers and to prevent spoofing:

    http://forums.cpanel.net/f34/setup-...-hour-per-domain-users-201222.html#post843452
     
  3. jaimesuez

    jaimesuez Member

    Joined:
    Apr 11, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Many thanks for the answer. I'll try to do this.

    But, there is a way for knowing wich subdomain is sending this mail? So I could fix the root of the problem.

    Thanks!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you are running DSO, then it is nearly impossible to determine.
     
  5. jaimesuez

    jaimesuez Member

    Joined:
    Apr 11, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Now I'm trying to change php handler to suPHP, but the server it really slow :(

    When I have this done. How can I know from where this mails are sent?

    Many thanks for everything!
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Did you review the previous thread I provided a link? This one:

    http://forums.cpanel.net/f34/setup-...-hour-per-domain-users-201222.html#post843452

    You need to change your settings after changing to suPHP to prevent nobody from sending first off. After that, you need to add the additional logging for exim in WHM > Exim Configuration Editor > Advanced Editor area. I don't imagine you want to remove sendmail as mentioned in the link, but you should do everything else. Once you have, then let us know how it is going for these spam sending out even. You are never going to be able to backtrack the existing emails to see who sent them. There isn't enough information to determine it under DSO.
     
Loading...

Share This Page