The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammer

Discussion in 'General Discussion' started by DaVeKH, May 17, 2004.

  1. DaVeKH

    DaVeKH Member

    Joined:
    Apr 4, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    My exim load is getting so high it keeps crashing. Theres a user under top sending 50 hosts thats sent out 100 times more emails than anyone else. Its got a domain however the domain isnt on my server. How do I block this guy from sending out mail?
     
  2. DaVeKH

    DaVeKH Member

    Joined:
    Apr 4, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Whats also weird is:
    /usr/bin/php search.php is using %CPU 66.0

    Top Process %CPU 99.9 /usr/sbin/exim -q
    Top Process %CPU 96.6 /usr/sbin/exim -q
    Top Process %CPU 95.3 /usr/sbin/exim -q
    Top Process %CPU 66.0 /usr/bin/php search.php
    Top Process %CPU 28.5 /usr/bin/php index2.php
    Top Process %CPU 26.6 /usr/bin/php index2.php
     
  3. tvcnet

    tvcnet Well-Known Member
    PartnerNOC

    Joined:
    Aug 15, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Diego
    cPanel Access Level:
    DataCenter Provider
    First identify who the person overloading your email system.

    Netstats is s wonderful tool for checking the port for email:
    netstat -n | grep :25 | sort -k 5 -n

    or for web site DOS:
    netstat -n | grep :80 | sort -k 5 -n

    Once you identify the likely IP then use an exim rules blacklist configuration to help you more easily deny IP addresses so they can't send you email.

    I highly recommend this wonderfully written rule set:
    http://linux.cvf.net/cp_eximrules.html


    Enjoy!
    Jim
    TVCNet.com
     

Share This Page