The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ridiculous mail queue

Discussion in 'E-mail Discussions' started by Furious George, Jan 10, 2006.

  1. Furious George

    Joined:
    Oct 9, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    i deleted the undeliverable mail queue (over 1000 messages... probably in the 15,000s) only to find not 16 hours later over 1000 messages were in queue again. can any one suggest how to tackle this problem? i havnt investigated where most of them are coming and its hard since loading thousands of messages is a bit taxing
     
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    It seems that some accounts are using your server for spamming. You will get all the information about those domains from the "Mail Queue Manager" itself by checking the header of the email. Check in the Mail Queue whether the emails are going to a particular email account or to a particular domain and from its header you will get the domain name who is sending the emails in bulk. You can suspend the account or terminate it as per your wish.

    Give it a try.
     
  3. hergy80

    hergy80 Well-Known Member

    Joined:
    Sep 4, 2004
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    I had a problem like this, it was someone exploiting a php script. I used the setting in WHM->Tweek Settings:

    Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)

    And checked this temporarily. This stopped the spam so I could find and remove it.

    To only remove the mail that wasn't supposed to be there, I used this script:
    http://forums.cpanel.net/showthread.php?t=41026&highlight=clean+mail+queue

    Then after looking at a few messages, I could narrow down a common theme (I think the reply to was the same) and just delete those message. I did continue to see messages coming in since many were getting bounced back, but it should taper off.

    Then I installed mod_security to help prevent the php exploits (injections) without breaking everyone's scripts.

    If you had a problem similar to mine, this should hopefully help.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Also, make sure that no-one is using :blackhole: in /etc/valiases/* and if so, replace with :fail:. Additionally, don't allow email to be queued for accounts over quota (WHM > Exim Configuration Editor).
     
  5. mdelacruz

    mdelacruz Member

    Joined:
    Apr 24, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    fail or blackhole

    Chirpy:

    I read somewhere that the best configuration is :blackhole: because this way messages are discarded and with :fail: the server try to respond the email to let the user that the account doesn't exists for example.

    I have the same problem with the queue with a user but almost all the emails in queue are because the user have his mail account full. How can I deal with this problem?

    Thnak you
     
  6. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    Word to the wise here

    Follow Chirpys instructions posted above

    Chirpys settings and methods work great and will solve your m ail issues

    and as stated above do not use blackhole instead use fail setting
     
  7. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    On the quota issue, you can separately set how long to hold those messages in the retry rules for exim.

    * quota F,12h,30m;

    or even just fail immediately.
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That used to be the case a couple of years ago. Not any more, have a read of this:
    http://www.configserver.com/free/fail.html
     
  9. mdelacruz

    mdelacruz Member

    Joined:
    Apr 24, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    It's clear right now

    Thanks chirpy it's clear right now, but I have to deal with this problem, my server mail queue is getting about 100 mail for this only reason:

    --quote
    1FMmxg-0006gL-VG-D
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    xx.xx@domain.com
    mailbox is full: retry timeout exceeded
    unquote--

    Is there a way to deal with this info? Do you have a solution for it?

    Thank you
     
  10. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    100 emails in your mail queue is really not a problem, you should get worried about it when it gets into the 1000 +
    As chirpy mentioned , enable don't allow email to be queued for accounts over quota in WHM > Exim Configuration Editor
     
  11. mdelacruz

    mdelacruz Member

    Joined:
    Apr 24, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    It's enabled

    In exim I have:

    Discard emails for users who have exceeded their quota instead of keeping them in the queue ENABLED

    The only one that is not enabled is:

    Always set the Sender: header when the sender is changed from the actual sender. (Unchecking this will stop "On behalf of" data in Microsoft(R) Outlook, but may limit your ability to track abuse of the mail system.)

    Thank you
     
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Those are the bounce messages intended for the sender to which their email was dropped because the account was overquota. To stop those you should either delete the mail account if it isn't being used, or have it cleared out, or increase the quota on it. You can also simply ignore the emails as they'll disappear off the queue in the usual manner.
     
  13. janiosarmento

    janiosarmento Member

    Joined:
    Jan 5, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Rio de Janeiro, BR
    cPanel Access Level:
    Root Administrator
    An easy way to check which domains are using blackhole instead of anything else is to SSH your server then issue the following commands:

    root@phenix [~]# cd /etc/valiases
    root@phenix [/etc/valiases]# grep blackhole *
     
  14. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Use my mail queue alert script:

    http://webhostgear.com/projects/exim.txt

    It checks your servers mail queue load and will email you to whatever address(es) you like when it reaches X amount. Just set the cron to run as often as needed, something like 1 hour or 6 hours, whatever you want!

    cheers
     
Loading...

Share This Page