Problem: Server sending SPAM mails. Mail queue with thousands of mails

jaimesuez

Member
Apr 11, 2011
7
0
51
My server is sending SPAM mails. There are more than 4096 mails in the queue. When I delete the mails in the queue, within minutes it gets over a thousand again.

I attach TOP ordered by CPU and by memory. I also attach an example of the mail queue and the mails that are sent.

Please help, as my server runs out of memory all the time.

 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
42
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
Are you using DSO on the machine for the PHP handler? If so, I would suggest switching to suPHP and then changing this to "On" in WHM > Tweak Settings:

Prevent “nobody” from sending mail
The email you've provided was sent by the user nobody, so it isn't even possible to track down any other details without a lot of effort:

1QU3hD-0004bX-KY-H
nobody 99 99
<[email protected]>
1307481619 0
-ident nobody
-received_protocol local
By preventing nobody from sending emails, you'll stop these emails. Unfortunately, if you are using DSO for the PHP handler (WHM > Apache Configuration > PHP and SuExec Configuration area shows your current PHP handler), then you cannot stop the user nobody from sending emails as PHP scripts run as nobody and any mail script will run as that nobody user.

Here are some additional tips for configuring exim to improve detection of spammers and to prevent spoofing:

http://forums.cpanel.net/f34/setup-...-hour-per-domain-users-201222.html#post843452
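
The spool header quoted in the reply above can be read mechanically. The following Python script is an added example, not part of the original thread: it parses Exim `-H` header files and tallies queued messages by submitting user. The sample data (including the placeholder sender address and the second message) and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed samples. The first mirrors the header quoted in the thread (the
# sender address is a placeholder); the second is a made-up per-account entry.
SAMPLE_HEADERS = [
    "1QU3hD-0004bX-KY-H\nnobody 99 99\n<sender@example.com>\n1307481619 0\n"
    "-ident nobody\n-received_protocol local\n",
    "1QU3hE-0004bY-AB-H\nexampleuser 501 501\n<exampleuser@example.com>\n"
    "1307481650 0\n-ident exampleuser\n-received_protocol local\n",
]


def parse_header(text):
    """Parse the fixed leading lines and '-' option lines of an Exim -H file."""
    lines = text.splitlines()
    if len(lines) < 4:
        raise ValueError("truncated spool header")
    user, uid, gid = lines[1].rsplit(" ", 2)      # login name, uid, gid
    received, _warnings = lines[3].split()        # epoch time, delay warnings
    options = {}
    # Simplification: stop at the first line that is not a '-name [value]' option.
    for line in lines[4:]:
        if not line.startswith("-"):
            break
        name, _, value = line[1:].partition(" ")
        options[name] = value
    msg_id = lines[0][:-2] if lines[0].endswith("-H") else lines[0]
    return {"id": msg_id, "user": user, "uid": int(uid), "gid": int(gid),
            "sender": lines[2].strip("<>"), "received": int(received),
            "options": options}


def tally_by_user(headers):
    """Count queued messages per (submitting user, received protocol)."""
    counts = Counter()
    for text in headers:
        msg = parse_header(text)
        counts[(msg["user"], msg["options"].get("received_protocol", "?"))] += 1
    return counts


def submitted_as_nobody(headers):
    """Ids of locally submitted messages owned by 'nobody' (no account recorded)."""
    parsed = [parse_header(text) for text in headers]
    return [m["id"] for m in parsed if m["user"] == "nobody"
            and m["options"].get("received_protocol") == "local"]


if __name__ == "__main__":
    for (user, proto), n in tally_by_user(SAMPLE_HEADERS).most_common():
        print(f"{n:5d}  {user}  {proto}")
    print("owned by nobody:", submitted_as_nobody(SAMPLE_HEADERS))
```

Messages that show up under a real account name instead of `nobody` are the ones that can be traced back to a specific user.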
 

jaimesuez

Many thanks for the answer. I'll try to do this.

But is there a way of knowing which subdomain is sending this mail? So I could fix the root of the problem.

Thanks!
 

jaimesuez

Now I'm trying to change the PHP handler to suPHP, but the server is really slow :(

When I have this done, how can I know where these mails are sent from?

Many thanks for everything!
 

cPanelTristan

Did you review the previous thread I provided a link to? This one:

http://forums.cpanel.net/f34/setup-...-hour-per-domain-users-201222.html#post843452

You need to change your settings after changing to suPHP to prevent nobody from sending first off. After that, you need to add the additional logging for exim in WHM > Exim Configuration Editor > Advanced Editor area. I don't imagine you want to remove sendmail as mentioned in the link, but you should do everything else. Once you have, then let us know how it is going with this spam being sent out. You are never going to be able to backtrack the existing emails to see who sent them. There isn't enough information to determine it under DSO.