strange exim failed messages

epanagio

Well-Known Member
May 26, 2012
cPanel Access Level
Website Owner
I am trying to understand the following message I saw in the exim logs.
The top of the message says:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
Domain {my_domain_name_here} has exceeded the max emails per hour (313/250 (125%)) allowed. Message discarded.
Because I do not expect many emails leaving the server, I have set a limit.

Then it continues:

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from nat-4.kem.sibset.net ([178.248.80.4]:55952 helo={my_domain_name_here}
by malamo.{my_domain_name_here} with esmtpa (Exim 4.82)
(envelope-from <[email protected]>)
id 1XJvwp-0007zq-5b
for [email protected]; Tue, 19 Aug 2014 22:48:27 -0400
Message-ID: <77F8445BD05F8D83EE4666A79DEE3063@{my_domain_name_here}>
From: "chvparis" <[email protected]>
To: "Myriam GIRAUX" <[email protected]>
Subject: =?ISO-8859-1?Q?chvparis=40yahoo.com?=
Date: Tue, 20 Aug 2014 03:48:26 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_F65F_032E8BBB.0E11DFAF"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
X-MIMEOLE: Produced By Microsoft MimeOLE V16.4.3522.110

This is a multi-part message in MIME format.
I am the only one who has access to this server but I do host a few "simple" websites.
Does this mean that the email came to my server from nat-4.kem.sibset.net?
Received: from nat-4.kem.sibset.net ([178.248.80.4]:55952 helo={my_domain_name_here}
by malamo.{my_domain_name_here} with esmtpa (Exim 4.82)
Also, this is who sent it and where it should have gone:
From: "chvparis" <[email protected]>
To: "Myriam GIRAUX" <[email protected]>
but how did I get this message in my log?

Do I have a problem here?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

I suggest reviewing /var/log/exim_mainlog to see what type of email activity is occurring on your system. Look to see if any of the emails are coming from sources other than yourself. The following document may also help you:

How to prevent email abuse

Thank you.
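
One way to carry out the log review suggested above, as an added example (not part of any post in this thread and not cPanel's code): it tallies authenticated arrivals (`P=esmtpa` / `P=esmtpsa`, the same `esmtpa` that appears in the Received header) from Exim main-log lines by login and remote IP. The sample lines are constructed, and the `A=` authenticator names and the trusted-address list are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log format; every address, host and
# message id below is a placeholder, not a value from the thread.
SAMPLE_LOG = """\
2014-08-19 22:41:02 1XJvpA-0007aa-1a <= owner@example.com H=localhost [127.0.0.1]:41000 P=esmtpa A=dovecot_login:owner@example.com S=2100 for friend@example.net
2014-08-19 22:48:27 1XJvwp-0007zq-5b <= info@example.com H=host.example.org (example.com) [203.0.113.4]:55952 P=esmtpa A=dovecot_login:info@example.com S=3300 for a@example.net
2014-08-19 22:48:29 1XJvwr-0007zs-7c <= info@example.com H=host.example.org (example.com) [203.0.113.4]:55960 P=esmtpa A=dovecot_login:info@example.com S=3290 for b@example.net
2014-08-19 22:48:31 1XJvwt-0007zu-9d <= info@example.com H=other.example.org (example.com) [198.51.100.9]:40112 P=esmtpsa A=dovecot_plain:info@example.com S=3310 for c@example.net
2014-08-19 22:50:00 1XJvyK-00080A-Bf <= news@example.org H=mx.example.org [192.0.2.25]:25000 P=esmtps S=5100 for owner@example.com
2014-08-19 22:50:05 1XJvyP-00080F-Cg => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.77]
"""

IP = re.compile(r"\[([^\]]+)\]")            # first [addr] on an arrival line is the peer
PROTO = re.compile(r"\bP=(\S+)")            # esmtpa / esmtpsa = authenticated SMTP
AUTH = re.compile(r"\bA=([^:\s]+):(\S+)")   # authenticator:login (names are assumptions)

def authenticated_submissions(log_text, trusted_ips=("127.0.0.1", "::1")):
    """Map login -> Counter(remote IP -> messages) for authenticated arrivals
    that did not come from a trusted address."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        if " <= " not in line:              # only message arrivals, not deliveries
            continue
        ip, proto, auth = IP.search(line), PROTO.search(line), AUTH.search(line)
        if not (ip and proto and auth):     # unauthenticated mail has no A= field
            continue
        if proto.group(1) not in ("esmtpa", "esmtpsa"):
            continue
        if ip.group(1) in trusted_ips:
            continue
        seen[auth.group(2)][ip.group(1)] += 1
    return seen

def summary(log_text):
    """List (login, total messages, sorted remote IPs), busiest login first."""
    rows = [(login, sum(ips.values()), sorted(ips))
            for login, ips in authenticated_submissions(log_text).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for login, total, ips in summary(SAMPLE_LOG):
        print(f"{login}: {total} authenticated messages from {', '.join(ips)}")
```

To use it on a server, pass the text of /var/log/exim_mainlog to `summary()`; a mailbox login that appears from addresses you do not recognise is the kind of activity the reply above asks you to look for.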
 

epanagio

OY!!

First of all, let me apologize to the hundreds of thousands of people who received spam from my server. SORRY!

Apparently, because of the Heartbleed bug, the server was compromised and "they" were sending spam by the droves. The server software has been updated and the issue is resolved.

I hope this message helps others.

Evan
 

cPanelMichael

Please keep in mind that if your server has been exploited and root access has been obtained, then nothing short of reinstalling the OS/cPanel and restoring the accounts from backup archives is going to be a suitable method of cleaning the server.

Thank you.