mail server sending out thousands of spam mails

sander815 · Post by **sander815** » Fri Mar 29, 2019 7:27 am

i have no idea why this happens, but apperently my smtp server is open?
I have 800.000 unsend mails in my queue, and rising.

I already removed them yesterday, blocked all access to port 25, but this morning there are again 500.000 mails.
What can i do?

i tested for a open relay on https://mxtoolbox.com/, but its closed.
There are no scripts, at least that i know
So, what is going on?

i have this in my conf:
dc_eximconfig_configtype='local'
dc_other_hostnames='vps2.sanderkerkhoff.com'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

do i need to enter 127.0.0.1 in: dc_relay_nets=' ' ?

dreiggy · Post by **dreiggy** » Fri Apr 05, 2019 6:08 pm

Have you checked who is generating mails?

Check queue: exim -bp
Read mail header: exim -Mvh mail_ID
Read body: exim -Mvb mail_ID

Additionally try read exim log: /var/log/exim/main.log

Post by **grayfolk** » Fri Apr 05, 2019 6:27 pm

Check your php scripts, wordpress first - they 100% contains malicious code.

Post by **mehargags** » Sun Apr 07, 2019 7:14 pm

Your sites are infected and your server may be compromised. Disable your sites one by one and watch your exim queue using

Code: Select all

exim -bpc

. then find the problem site and fix it.

dreiggy · Post by **dreiggy** » Sun Apr 07, 2019 8:09 pm

mehargags wrote: ↑
Sun Apr 07, 2019 7:14 pm
Your sites are infected and your server may be compromised. Disable your sites one by one and watch your exim queue using
Code: Select all
exim -bpc
. then find the problem site and fix it.

Or user may install maldet and scan all websites :)

Vesta Control Panel - Forum