Queue very huge - Spamming?

A

aarango

Member
PartnerNOC
Dec 4, 2013
7
0
1
cPanel Access Level
Root Administrator
Hello

From some days ago, in my queue (exim) I see a lot ofs email from accounts google to our accounts but using names of one domain inside my server (returned emails). I means:


Code: 
#exim -Mvl 1VoYIi-000PnS-5L
2013-12-05 12:45:05 Received from <> R=1VoYIh-000PnE-TG U=mailnull P=local S=2881 T="Mail delivery failed: returning message to sender"
2013-12-05 12:45:09 SMTP error from remote mail server after RCPT TO:<[email protected]>: host aspmx.l.google.com [173.194.78.26]: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 bo12si1008868wib.66 - gsmtp
2013-12-05 12:45:09 [email protected] R=dkim_lookuphost T=dkim_remote_smtp: SMTP error from remote mail server after RCPT TO:<[email protected]>: host aspmx.l.google.com [173.194.78.26]: 550-5.1.1 The email account that you tried to reach does not exist. Please try\n550-5.1.1 double-checking the recipient's email address for typos or\n550-5.1.1 unnecessary spaces. Learn more at\n550 5.1.1 http://support.google.com/mail/bin/a...py?answer=6596 bo12si1008868wib.66 - gsmtp
*** Frozen (delivery error message)

#exim -Mvb 1VoYIi-000PnS-5L
Return-path: <[email protected]>
Received: from cpe-c83a353d88c8.cpe.cableonda.net ([190.219.233.231]:26822)
by server with esmtp (Exim 4.82)
(envelope-from <[email protected]>)
id 1VoYIh-000PnE-TG
for [email protected]; Thu, 05 Dec 2013 12:45:04 +0000
Received: from apache by kdlqijaimrrgkdadi.bmatter.com with local (Exim 4.63)
(envelope-from <<[email protected]>>)
id 9M089L-KIWFUF-ML
for <[email protected]>; Thu, 5 Dec 2013 07:48:37 -0500
To: <[email protected]>
Subject: Job offer match, respond to apply
Its seems that:
An account/website/ is infected, is sending emails with for<[email protected]>, after the returned emails go back account. The queue is around 1000 en 1 hour.

I can't how I can see it because its using user=mailnull, and I dont know which user is using.

Any help?
Best Regards
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello :)

Try opening one of the SPAM messages in the mail queue and see if the message headers provide you with any additional information. You can enable the following option under the "Mail" tab in "WHM >> Server Configuration >> Tweak Settings":

Code: 
Track email origin via X-Source email headers
This may provide more information in the headers of future emails sent from the server. Also, the following document is helpful for preventing email abuse:

cPanel - Prevent Email Abuse

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
K Large Exim Queue - How to speed up local delivery / remote sending Email 2
P Emails stand still in the delivery queue Email 8
I Queued mail for delivery email issue Email 4
Osama Tariq Queued For Delivery Email 13
S (Mail Queue) Mail delivery failed: returning message to sender Email 10
Similar threads
Large Exim Queue - How to speed up local delivery / remote sending
Emails stand still in the delivery queue
Queued mail for delivery email issue
Queued For Delivery
(Mail Queue) Mail delivery failed: returning message to sender
Top Bottom