SPAMd / EXIM fails frequently... Any solutions?

[ramcjbin]

Hi,

100's of processes like the ones shown below causes SPAMd / EXIM to crash.

1053 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1136 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1219 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1413 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1419 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1421 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1422 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1482 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1490 mailnull 0 0.0 0.2 /usr/sbin/exim -bd -q60m
1541 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1542 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1592 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1593 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1597 mailnull 0 0.0 0.2 /usr/sbin/exim -bd -q60m
1621 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1642 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1692 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1693 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1697 mailnull 0 0.0 0.2 /usr/sbin/exim -bd -q60m
1801 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m

How to correct this problem?

 

[AndyReed]

100's of processes like the ones shown below causes SPAMd / EXIM to crash.

1053 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1801 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m

What's your Kernel version? You might have a script that loops indefinitely, or spammer using a script to deliver their spam. Did you check email traffic on your server? Does that cause server high load?

 

[ramcjbin]

What's your Kernel version? You might have a script that loops indefinitely, or spammer using a script to deliver their spam. Did you check email traffic on your server? Does that cause server high load?

My kernel version is 2.6.14.3.dn2.64

MRTG shows mostly in single digit of received & send mails. Many times 1 to 5.

I use chripy's dictionary attack in EXIM and even reduced the allowed failure from 3 to 2

I see rejections in Exim logs.

Server load is very low.

Now installed PRM to intervene mailnull processes to keep control of it.

Dictionary attacks are going on as usual as per mail log and that too has only 2 to 3 attack entries in a minute.

Still lot of EXIM connections for very few mails.

Any idea where to check further?