Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > my exim is under attack


my exim is under attack




Posted by mixmox, 12-16-2008, 03:40 PM
my exim is under attack hello. my exim is under ddos: exim (pid 8042 8158 8169 8175 8249 8254 8267 8276 8384 8397 8398 8556 8560 8561 8587 8663 8669 8705 8707 8711 8752 8783 8790 8796 8799 8811 8881 8883 8884 8929 8932 8934 9014 9019 9025 9035 9060 9087 9089 9103 9159 9163 9165 9393 9407 9489 9499 9547 9584 9588 9602 9642 9646 9652 9664 9726 9811 9812 9822 9857 9880 9902 9913 9915 9922 9944 9961 9965 9967 9974 9999 10072 10081 10082 10083 10086 10109 10111 10112 10114 10115 10116 10145 10154 10174 10300 10304 10310 10323 10348 10349 10355 10357 10359 10379 10398 10399 10412 10416 10418 10425 10436 10437 10475 10476 10481 10501 10504 10505 10512 10522 10523 10532 10540 10545 10547 10548 10549 10550 10574 10578 10588 10608 10610 10628 10630 10651 10654 10733 10755 10758 10759 10761 10764 10765 10770 10773 10774 10775 10780 10781 10814 10816 10819 10820 10822 10847 10852 10853 10854 10856 10870 10873 10874 10894 10896 10898 10899 10930 10936 10946 10968 10970 10991 10997 11218 11251 11270 11274 11278 11284 11285 11309 11322 11323 11327 11328 11329 11331 11335 11348 11379 11384 11387 11406 11407 11418 11421 11423 11447 11448 11460 11475 11486 11487 11509 11515 11523 11529 11548 11563 11572 11615 11631 11635 11638 11686 11715 11720 11721 11736 11737 11738 11739 11740 11741 11742 11743 ) how can i solve it? plz help me
Posted by eth00, 12-16-2008, 04:31 PM
Check the mail logs, is it literally under attack or just a lot of emails? If it is an attack what type ? One possible option is reduce the amount exim can do: smtp_connect_backlog = 50 smtp_accept_max = 100 deliver_queue_load_max = 3 You could lower those values. Just know what you are doing if you do that - emails will be rejected. Disabling catch-alls can help. There is a lot more possible but without more information it is hard to point you in the right direcion. __________________ John Security and general linux how-to'sTotalServerSolutions - for all your linux server and colocation needs!
Posted by mixmox, 12-16-2008, 05:15 PM
TNX but its not work. i have change my port to 255 but its not work too.
Posted by eth00, 12-16-2008, 05:16 PM
Are you sure it is outbound email? It sounds like you may just have a spammer sending emails. __________________ John Security and general linux how-to'sTotalServerSolutions - for all your linux server and colocation needs!
Posted by mixmox, 12-16-2008, 05:35 PM
but i have 20 user in this server and i think that its not spam. how can i check it?
Posted by @Matt, 12-16-2008, 06:58 PM
Do you have a control panel currently installed? __________________HostPenguin - Separate Yourself ● A Christian Owned and Operated Hosting Provider!● Shared, Reseller, Virtual Private Server Hosting and Website Integrationshttp://www.HostPenguin.net - http://Integration.HostPenguin.net - Sales@HostPenguin.net
Posted by LoganNZ, 12-16-2008, 10:11 PM
Check out whom/what is sending or what mail is coming in tail -f /var/log/exim_mainlog __________________Server Systems Administration NZ | SSANZGot Hacked? | 24/7/365 Remote Professional Support | Affordable Server Management
Posted by majoosh, 12-17-2008, 12:04 AM
Quote: Originally Posted by nimafire hello. my exim is under ddos: exim (pid 8042 8158 8169 8175 8249 8254 8267 8276 8384 8397 8398 8556 8560 8561 8587 8663 8669 8705 8707 8711 8752 8783 8790 8796 8799 8811 8881 8883 8884 8929 8932 8934 9014 9019 9025 9035 9060 9087 9089 9103 9159 9163 9165 9393 9407 9489 9499 9547 9584 9588 9602 9642 9646 9652 9664 9726 9811 9812 9822 9857 9880 9902 9913 9915 9922 9944 9961 9965 9967 9974 9999 10072 10081 10082 10083 10086 10109 10111 10112 10114 10115 10116 10145 10154 10174 10300 10304 10310 10323 10348 10349 10355 10357 10359 10379 10398 10399 10412 10416 10418 10425 10436 10437 10475 10476 10481 10501 10504 10505 10512 10522 10523 10532 10540 10545 10547 10548 10549 10550 10574 10578 10588 10608 10610 10628 10630 10651 10654 10733 10755 10758 10759 10761 10764 10765 10770 10773 10774 10775 10780 10781 10814 10816 10819 10820 10822 10847 10852 10853 10854 10856 10870 10873 10874 10894 10896 10898 10899 10930 10936 10946 10968 10970 10991 10997 11218 11251 11270 11274 11278 11284 11285 11309 11322 11323 11327 11328 11329 11331 11335 11348 11379 11384 11387 11406 11407 11418 11421 11423 11447 11448 11460 11475 11486 11487 11509 11515 11523 11529 11548 11563 11572 11615 11631 11635 11638 11686 11715 11720 11721 11736 11737 11738 11739 11740 11741 11742 11743 ) how can i solve it? plz help me Seems spamming from inside out ? what is the result of exim -bp | exiqsumm ? Majoosh
Posted by ZoomS, 12-17-2008, 12:11 AM
Run the command below and see who is sending most e-mails: Code: exim -bpru
Posted by Saul V, 12-17-2008, 03:17 AM
Run the following command to find out which domain is sending more mails exim -bpru|sort|uniq -c|sort -nk 1
Posted by mixmox, 12-17-2008, 04:58 AM
Hello. my /var/log/exim_mainlog is 19 MB and the main mail witch one is ddos our server is :root@mydomain.com a part of exim -bpru|sort|uniq -c|sort -nk 1 : 1 6m 5.1K 1LCqgs-0002KG-14 1 6m 5.1K 1LCqh3-0002KP-Nn 1 6m 5.9K 1LCqgT-0002Jk-Qt <> *** frozen *** 1 6m 6.0K 1LCqgK-0002J2-Ro <> *** frozen ***
Posted by mixmox, 12-18-2008, 12:16 PM
Can any body help me?


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Problem On Debian - Reboot Every Hour (Views: 723)
Direct Admin Managed Solutions ? (Views: 779)
Malware warning from Opera (Views: 711)
Am I running out of power? (Views: 790)
http://ss.stratustechinc.com (Views: 670)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.