Re: [Exim] some assistance please. mail hitting my server 1,…

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: k9register
CC: exim-users
Subject: Re: [Exim] some assistance please. mail hitting my server 1,000 to 4,000 emails in seconds.
k9register wrote:
> This is a multi-part message in MIME format.
> --
> [ Picked text/plain from multipart/alternative ]
> Hello group.
>
> My server has been hit for weeks at different times of the day with
> 1,000 to 4,000 emails in seconds, I have checked logs and watched top -c
> for hours and ran netstat -an and still am confused as to how these
> emails get in.
>
> they are sent to or from my server as nobody and to all different
> hotmail , yahoo and msn address, thosands of them all addressed to the
> same account.


Are you sure they come from the outside?
Not from some script running on the machine, like formmail?

> some mornings there are 12,000 emails in the queue, deleting them is not
> a problem apart from a few clients emails which get lost in the process.
>
> I have managed to stop them relaying out with some changes to exim.conf
> and shutting downsend mail, when watching top -c I get multiple sendmail
> procceses appear for a second and then gone, sure enough I check the
> queue and thousands are there.
>
> I have upgraded the kernal only yesterday, I run Bastille which is setup
> fairly well.
>
> Could I have some opinions as to how this sort of thing happens, I have
> searched the server for mail-bombs and any exploits, which might cause
> this, some have suggested its a client as my server is a webhosting
> server, but to get 13 megabytes into my server or out of it in seconds
> would take a good connection I would have thought.


Check your apache logs, for scripts that are hit VERY often.

Show some log-entries from exim and your config.

Enable queue_only mode for now, and disable the queue-runner.

ciao