Author: Graeme Fowler Date: To: exim users Subject: Re: [exim] SMTP error from remote mail server after pipelined MAIL
On 25 Sep 2019, at 15:43, necktwi via Exim-users <exim-users@???> wrote:
> How to run recovery? I tried rm -rf /var/spool/exim/db/* and started the exim
That’s one perfectly valid way, although there are others specific to the Berkeley DB tools you have installed (or can install).
However:
> These messages are being flooded every second! How did info@??? pipeline mail to yahoo from my server? I didn't send any mail to any gmail user and how come my exim server is pipelining a request to gmail server every second?
You need to look at your logs in more detail, for the lines containing ‘ <= ‘. That’ll show from where the messages are arriving.
It’s almost certainly going to be one of the following in decreasing order of likelihood but increasing seriousness:
1. Compromised account using SMTP Auth
2. Compromised account using webmail
3. Configuration allowing open relay
4. Configuration allowing relay from a box which has been compromised
5. Compromised account running arbitrary code on your box
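As an added illustration of the advice above (this is not part of the thread, and not Exim's own tooling): the script below picks the ' <= ' arrival lines out of mainlog-format text and groups them by origin using the fields Exim writes on those lines. An A= field (with P=esmtpa/esmtpsa) names the authenticated SMTP account, a U= field with P=local names the local Unix user that submitted the message (webmail, a PHP script, cron), and an arrival with neither is an unauthenticated remote host, which is where a relay problem would show up. The sample log lines, hostnames, addresses and message IDs are constructed for the example; only the field names are real Exim conventions.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog format (not taken from the thread).
# Hosts, addresses and message IDs are invented; the IPs are documentation ranges.
# Note the last line: envelope sender sales@, but authenticated as info@ - a
# compromised SMTP Auth account can put anything it likes in MAIL FROM.
SAMPLE_LOG = """\
2019-09-25 15:43:01 1iDA9W-0001Z3-Kn <= info@example.com H=(winbox) [203.0.113.5] P=esmtpa A=plain:info@example.com S=2345 id=a1@winbox
2019-09-25 15:43:01 1iDA9W-0001Z3-Kn => someone@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.25]
2019-09-25 15:43:02 1iDA9X-0001Z5-Lm <= info@example.com H=(winbox) [203.0.113.5] P=esmtpa A=plain:info@example.com S=2350 id=a2@winbox
2019-09-25 15:43:03 1iDA9Y-0001Z9-Np <= www-data U=www-data P=local S=1200
2019-09-25 15:43:04 1iDAA0-0001ZB-Qr <= bounce@example.org H=mail.example.org [198.51.100.7] P=esmtp S=3300 id=b7@example.org
2019-09-25 15:43:05 1iDAA1-0001ZD-Rs <= sales@example.com H=(winbox) [203.0.113.5] P=esmtpa A=plain:info@example.com S=2400 id=a3@winbox
"""

# "<date> <time> <message-id> <= <envelope-sender> <rest of fields>"
ARRIVAL_RE = re.compile(r"^(\S+ \S+) (\S+) <= (\S+)(.*)$")
# The remote address Exim logs in square brackets after H=
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def field(rest, name):
    """Return the value of a whitespace-delimited Exim log field (A=, U=, P=, ...)."""
    m = re.search(r"(?:^|\s)%s=(\S+)" % re.escape(name), rest)
    return m.group(1) if m else None


def origin(rec):
    """Label an arrival by how it got into the queue, mirroring the list above."""
    if rec["auth"]:                      # SMTP Auth: the account, not the sender, is what matters
        return "smtp-auth %s" % rec["auth"]
    if rec["user"]:                      # locally submitted: webmail, a script, cron
        return "local %s" % rec["user"]
    return "unauth-remote %s" % (rec["ip"] or "unknown")  # relay from a remote host


def parse_arrivals(text):
    """Parse every ' <= ' line in mainlog-format text into a dict; skip everything else."""
    arrivals = []
    for line in text.splitlines():
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        when, msgid, sender, rest = m.groups()
        ip = IP_RE.search(rest)
        arrivals.append({
            "time": when,
            "msgid": msgid,
            "sender": sender,
            "ip": ip.group(1) if ip else None,
            "auth": field(rest, "A"),
            "user": field(rest, "U"),
            "proto": field(rest, "P"),
        })
    return arrivals


def origins(text):
    """Count arrivals per origin label; the top entry is the first thing to look at."""
    return Counter(origin(r) for r in parse_arrivals(text))


if __name__ == "__main__":
    for label, n in origins(SAMPLE_LOG).most_common():
        print("%5d  %s" % (n, label))
```

Run against a real log with `python3 thisscript.py < /path/to/mainlog` style piping (read stdin instead of SAMPLE_LOG); the equivalent quick check by hand is `grep ' <= ' mainlog | grep -o ' A=[^ ]*' | sort | uniq -c | sort -n`. If the top line is an `smtp-auth` label, change that account's password and kill its sessions before cleaning the queue, otherwise the flood resumes as soon as the hints databases are rebuilt.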