
mail server sending out thousands of spam mails

Posted: Fri Mar 29, 2019 7:27 am
by sander815
I have no idea why this happens, but apparently my smtp server is open?
I have 800.000 unsent mails in my queue, and rising.

I already removed them yesterday, blocked all access to port 25, but this morning there are again 500.000 mails.
What can I do?

I tested for an open relay on https://mxtoolbox.com/, but it's closed.
There are no scripts, at least that I know
So, what is going on?

I have this in my conf:
dc_eximconfig_configtype='local'
dc_other_hostnames='vps2.sanderkerkhoff.com'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

Do I need to enter 127.0.0.1 in: dc_relay_nets=' ' ?

Re: mail server sending out thousands of spam mails

Posted: Fri Apr 05, 2019 6:08 pm
by dreiggy
Have you checked who is generating mails?

Check queue: exim -bp
Read mail header: exim -Mvh mail_ID
Read body: exim -Mvb mail_ID

Additionally, try reading the exim log: /var/log/exim/main.log
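
Added example, not part of any post in this thread: one way to answer "who is generating mails" from the main log is to tally local submissions per Unix user and per working directory. The function names and sample log lines are constructed for illustration; the `cwd=` lines are only present when Exim runs with `log_selector = +arguments`.

```shell
#!/bin/sh
# Added example: tally local submissions in an Exim main log read from stdin.
# Output is "count key" lines, highest count first.

# Locally submitted messages per Unix user.
# Arrival lines look like: DATE TIME MSGID <= sender U=user P=local S=size
local_senders() {
    awk '$4 == "<=" && / P=local( |$)/ {
             for (i = 5; i <= NF; i++)
                 if ($i ~ /^U=/) n[substr($i, 3)]++
         }
         END { for (u in n) print n[u], u }' | LC_ALL=C sort -k1,1nr -k2,2
}

# sendmail invocations per working directory ("cwd=/path N args: ...").
# Assumption: log_selector = +arguments is enabled, otherwise no such lines exist.
# Paths containing spaces are not handled by this simple field split.
submit_dirs() {
    awk '$3 ~ /^cwd=/ && $5 == "args:" { n[substr($3, 5)]++ }
         END { for (d in n) print n[d], d }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
2019-03-29 07:20:01 cwd=/var/www/site-a/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2019-03-29 07:20:01 1h9kAB-0001Xy-Cd <= www-data@vps.example.test U=www-data P=local S=1843
2019-03-29 07:20:02 cwd=/var/www/site-a/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2019-03-29 07:20:02 1h9kAC-0001Xz-Ef <= www-data@vps.example.test U=www-data P=local S=1851
2019-03-29 07:20:03 1h9kAB-0001Xy-Cd ** someone@example.test R=nonlocal: Mailing to remote domains not supported
2019-03-29 07:21:10 cwd=/var/www/site-b 3 args: /usr/sbin/sendmail -t -i
2019-03-29 07:21:10 1h9kBD-0001Y4-Gh <= www-data@vps.example.test U=www-data P=local S=902
2019-03-29 07:25:00 cwd=/root 2 args: /usr/sbin/sendmail -t
2019-03-29 07:25:00 1h9kEx-0001Yb-Ij <= root@vps.example.test U=root P=local S=640
2019-03-29 07:26:00 1h9kFz-0001Yc-Kl <= app@vps.example.test H=localhost [127.0.0.1] P=esmtp S=700
EOF
}

# Demo run on the constructed sample.
sample_log | local_senders
sample_log | submit_dirs
```

On the server itself the same functions read the real log, for example `local_senders < /var/log/exim/main.log`; a web-server account at the top of the list, together with a site directory from `submit_dirs`, narrows down which site to inspect first.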

Re: mail server sending out thousands of spam mails

Posted: Fri Apr 05, 2019 6:27 pm
by grayfolk
Check your PHP scripts, WordPress first - they 100% contain malicious code.

Re: mail server sending out thousands of spam mails

Posted: Sun Apr 07, 2019 7:14 pm
by mehargags
Your sites are infected and your server may be compromised. Disable your sites one by one and watch your exim queue using

exim -bpc
. then find the problem site and fix it.

Re: mail server sending out thousands of spam mails

Posted: Sun Apr 07, 2019 8:09 pm
by dreiggy
mehargags wrote:
Sun Apr 07, 2019 7:14 pm
Your sites are infected and your server may be compromised. Disable your sites one by one and watch your exim queue using

exim -bpc
. then find the problem site and fix it.
Or the user may install maldet and scan all websites :)