Web Hosting Talk

View Full Version : Find Spammer


dlc2000
06-08-2004, 05:32 PM
Hi

I have a high load on the server and I see a lot of Exim processes:

Top Process %CPU 72.5 /usr/sbin/exim -bd -q60m
Top Process %CPU 60.0 /usr/sbin/exim -odi -Mc 1BXhlg-00066A-UF
Top Process %CPU 52.2 /usr/sbin/exim -bd -q60m


I have also checked the exim log and I found something like this:

2004-06-08 23:26:15 1BXo6p-0001kw-BN <= YRMJSU@hotmail.com H=(152-16-37-213.libre.auna.net) [213.37.16.152] P=smtp S=4271 id=hy246xv400-785080354995393803-896475358372516313933819297665@viii45 T="What are you thinking?"

2004-06-08 23:24:00 1BXo4b-0001fS-Np <= xbqvi@thaimail.com H=(pcp09189083pcs.towson01.md.comcast.net) [68.33.245.25] P=smtp S=1290 id=6568035152552280060510733.92937H4655760k@lemonde.fr T="koppers"


How can I find which script it is using?

Xhost
06-14-2004, 12:42 PM
Do:

ps -auxww

and look for a process that is running over and over.

Also if you have SuExec, check the suexec log for any cgi script that is running at the exact time you are seeing in your logs.

VicePlanet
06-14-2004, 09:04 PM
You may also want to check the Mail Relayers under Mail in WHM, or also install MailScanner.

Annette
06-14-2004, 10:06 PM
High exim loads are not always the sign of spammers. You could have a huge mail queue that is unfreezing. Have you checked for that? If you tail the logs, do you see a large amount of mail being sent from nobody, or a regular user sending out some sort of mailing? What about other scripts appearing in the process list that look out of place? Anything strange there? The items you've pasted in from your logs look like generic inbound mail that's probably spam via open relays/compromised boxes out in the world.
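
The check suggested in the post above (is mail arriving from remote hosts, or being submitted locally by nobody or a regular user?) can be run over the Exim main log. This is an added example, not code from any poster in this thread: the function name and the sample lines are constructed for illustration, and it relies only on the standard Exim arrival-line fields (`<=`, `U=`, `P=`, and the bracketed remote IP).

```python
from collections import Counter

# Constructed sample lines in Exim main-log format (addresses and IPs are
# documentation placeholders, not values from the thread).
SAMPLE_LOG = """\
2004-06-08 23:26:15 1BXo6p-0001kw-BN <= sender@example.com H=(host.example.net) [192.0.2.10] P=smtp S=4271 T="What are you thinking?"
2004-06-08 23:26:20 1BXo6q-0001kx-CO <= other@example.com H=(host.example.net) [192.0.2.10] P=smtp S=900 T="hi U=root P=local"
2004-06-08 23:26:40 1BXo7a-0001la-Cd <= nobody@server.example.org U=nobody P=local S=812 T="offer"
2004-06-08 23:26:41 1BXo7b-0001lb-Ef <= nobody@server.example.org U=nobody P=local S=815 T="offer"
2004-06-08 23:27:02 1BXo7c-0001lc-Gh <= alice@server.example.org U=alice P=local S=1020 T="newsletter"
2004-06-08 23:27:05 1BXo7c-0001lc-Gh => bob@example.com R=lookuphost T=remote_smtp
"""


def summarize_arrivals(log_text):
    """Count message arrivals ('<=' lines) by local user and by remote IP."""
    local_users, remote_ips = Counter(), Counter()
    for line in log_text.splitlines():
        # The subject is sender-controlled text; cut it off so that
        # "U=..." or "P=..." inside a subject cannot be read as log fields.
        head = line.split(' T="', 1)[0]
        tokens = head.split()
        if len(tokens) < 5 or tokens[3] != "<=":
            continue  # delivery ("=>") or other line, not an arrival
        fields, ip = {}, None
        for tok in tokens[5:]:
            if len(tok) > 2 and tok[1] == "=" and tok[0].isupper():
                fields.setdefault(tok[0], tok[2:])  # single-letter field, e.g. P=, U=
            elif tok.startswith("[") and tok.endswith("]"):
                ip = tok[1:-1]                      # remote host address
        if fields.get("P") == "local":
            # Submitted on this server (for example by a web script as "nobody").
            local_users[fields.get("U", "?")] += 1
        elif ip:
            # Received over SMTP from another host: inbound mail.
            remote_ips[ip] += 1
    return local_users, remote_ips


if __name__ == "__main__":
    local_users, remote_ips = summarize_arrivals(SAMPLE_LOG)
    print("local submissions by user:", local_users.most_common())
    print("inbound by remote IP:     ", remote_ips.most_common())
```

A high count under a local user such as nobody gives the timestamps to compare against the suexec or web server logs; a log dominated by remote IPs with `P=smtp` is inbound mail rather than a script on the server.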

Darkfire001
06-14-2004, 10:53 PM
I got the EXACT SAME PROBLEM starting several days ago, and I don't believe it was a spammer since I know everyone on my server and none would do that. I then checked mail logs and only a small mail queue existed.

As of now my whole server is down, in part due to this problem and ones stemming from it.