mpisinc
11-27-2004, 03:44 AM
Hello,
I run linux using cpanel and have all the new versions, and all op is updated.
The problem is that I had a few days back a spammer using the return address as our address and no way to get him to stop as he is using a china webserver. So we were getting alot of junk mail returned to us.
So I blackholed all the emails so that we would stop getting all these. This seemed to help alot and we do not get alot of junk mails now that are returned.
The problem seems to be now that Exim runs at very high loads now. I have been watching Top with 1-2 second updates and every 2-5 seconds exim loads are at 99.9 CPU. Exim shuts down a good bit and when restart it does not come back on rightaway.
My tech has put a cron to restart exim every 20 mins in as a temp thing...
Looking at my server logs I see this...
2004-11-26 02:29:43 Connection from [203.15.93.5] refused: too many connections
2004-11-26 02:29:43 Connection from [217.76.240.2] refused: too many connections
2004-11-26 02:29:43 Connection from [217.76.240.2] refused: too many connections
2004-11-26 02:29:43 Connection from [66.40.26.178] refused: too many connections
2004-11-26 02:29:43 Connection from [216.43.129.71] refused: too many connections
2004-11-26 02:29:43 Connection from [216.190.22.109] refused: too many connections
2004-11-26 02:29:43 Connection from [139.142.90.157] refused: too many connections
2004-11-26 02:29:43 Connection from [217.126.15.203] refused: too many connections
2004-11-26 02:29:43 Connection from [216.220.226.134] refused: too many connections
2004-11-26 02:29:43 Connection from [222.36.41.198] refused: too many connections
2004-11-26 02:29:44 Connection from [216.77.79.20] refused: too many connections
2004-11-26 02:29:44 Connection from [203.47.209.10] refused: too many connections
2004-11-26 02:29:40 H=(nws002.pcg-group.com) [63.218.3.244] F=<> temporarily rejected RCPT <furpfyljs@mydomainname.com>: error in redirect data: missing or malformed local part (expected word or "<") in ":blackhole"
2004-11-26 02:29:40 Connection from [194.248.12.33] refused: too many connections
2004-11-26 02:29:40 Connection from [207.44.142.139] refused: too many connections
2004-11-26 02:29:40 H=(mail.ijs.com) [66.77.137.12] F=<> temporarily rejected RCPT <kibhtbbu@mydomainname.com>: error in redirect data: missing or malformed local part (expected word or "<") in ":blackhole"
85% of the exim_mainlog is filled with connection from (IP) and connection refused.. the other 15% shows the blackhole error above.
I see this all over the exim_mainlog and the log gets so big that I have to del it every 2 days. The last time it was at 100MB.
My techs think it is a problem with cpanel but I disagree.
Does anyone know what this could be? Could it be the return emails... And mail Queue is always under 50 -100 messages.
Please help as this has been a problem for the last 10 days now.
Thank you
Jody
I run linux using cpanel and have all the new versions, and all op is updated.
The problem is that I had a few days back a spammer using the return address as our address and no way to get him to stop as he is using a china webserver. So we were getting alot of junk mail returned to us.
So I blackholed all the emails so that we would stop getting all these. This seemed to help alot and we do not get alot of junk mails now that are returned.
The problem seems to be now that Exim runs at very high loads now. I have been watching Top with 1-2 second updates and every 2-5 seconds exim loads are at 99.9 CPU. Exim shuts down a good bit and when restart it does not come back on rightaway.
My tech has put a cron to restart exim every 20 mins in as a temp thing...
Looking at my server logs I see this...
2004-11-26 02:29:43 Connection from [203.15.93.5] refused: too many connections
2004-11-26 02:29:43 Connection from [217.76.240.2] refused: too many connections
2004-11-26 02:29:43 Connection from [217.76.240.2] refused: too many connections
2004-11-26 02:29:43 Connection from [66.40.26.178] refused: too many connections
2004-11-26 02:29:43 Connection from [216.43.129.71] refused: too many connections
2004-11-26 02:29:43 Connection from [216.190.22.109] refused: too many connections
2004-11-26 02:29:43 Connection from [139.142.90.157] refused: too many connections
2004-11-26 02:29:43 Connection from [217.126.15.203] refused: too many connections
2004-11-26 02:29:43 Connection from [216.220.226.134] refused: too many connections
2004-11-26 02:29:43 Connection from [222.36.41.198] refused: too many connections
2004-11-26 02:29:44 Connection from [216.77.79.20] refused: too many connections
2004-11-26 02:29:44 Connection from [203.47.209.10] refused: too many connections
2004-11-26 02:29:40 H=(nws002.pcg-group.com) [63.218.3.244] F=<> temporarily rejected RCPT <furpfyljs@mydomainname.com>: error in redirect data: missing or malformed local part (expected word or "<") in ":blackhole"
2004-11-26 02:29:40 Connection from [194.248.12.33] refused: too many connections
2004-11-26 02:29:40 Connection from [207.44.142.139] refused: too many connections
2004-11-26 02:29:40 H=(mail.ijs.com) [66.77.137.12] F=<> temporarily rejected RCPT <kibhtbbu@mydomainname.com>: error in redirect data: missing or malformed local part (expected word or "<") in ":blackhole"
85% of the exim_mainlog is filled with connection from (IP) and connection refused.. the other 15% shows the blackhole error above.
I see this all over the exim_mainlog and the log gets so big that I have to del it every 2 days. The last time it was at 100MB.
My techs think it is a problem with cpanel but I disagree.
Does anyone know what this could be? Could it be the return emails... And mail Queue is always under 50 -100 messages.
Please help as this has been a problem for the last 10 days now.
Thank you
Jody