Author: k9register
Date:
To: exim-users
Subject: [Exim] some assistance please. mail hitting my server 1,000 to 4,000 emails in seconds.
Hello group.
My server has been hit for weeks at different times of the day with
1,000 to 4,000 emails in seconds. I have checked logs and watched top -c
for hours and ran netstat -an, and I am still confused as to how these
emails get in.
They are sent to or from my server as nobody and to all different
Hotmail, Yahoo and MSN addresses, thousands of them all addressed to the
same account.
Some mornings there are 12,000 emails in the queue; deleting them is not
a problem apart from a few clients' emails which get lost in the process.
I have managed to stop them relaying out with some changes to exim.conf
and shutting down sendmail. When watching top -c I get multiple sendmail
processes appear for a second and then gone; sure enough, I check the
queue and thousands are there.
I have upgraded the kernel only yesterday. I run Bastille, which is set up
fairly well.
Could I have some opinions as to how this sort of thing happens? I have
searched the server for mail-bombs and any exploits which might cause
this. Some have suggested it's a client, as my server is a webhosting
server, but to get 13 megabytes into my server or out of it in seconds
would take a good connection, I would have thought.