After spammer attack emails are all in queue and not delivered
Hi all,
I have this problem, exim stop send mail from 2 days, i can receive mail in my main account and now are all in cpanle mail queue manager.
This a part of mail exim_mainlog
I tried to put csf in medium protection but still not work. I checked if my domain (domain.com) is blacklisted but its ok. I dont know whats happened in last 48 hours, before all worked... Can you help me please?
2014-03-23 13:03:38 1WRcZH-0005HM-Jg liberomx1.domain.com [212.52.xx.xx] Connection timed out
2014-03-23 13:04:48 1WRcZi-0005Yc-U7 liberomx1.domain.com [212.52.xx.xx] Connection timed out
2014-03-23 13:04:48 1WRcZi-0005Yc-U7 == antonio.sambataro@domain.com R=lookuphost T=remote_smtp defer (110): Connection timed out
2014-03-23 13:04:58 1WRgz8-0000Ch-57 liberomx3.domain.com [212.52.84.67] Connection timed out
2014-03-23 13:05:23 1WRg2h-0007zh-4v alt3.gmail-smtp-in.l.google.com [173.194.xx.xx] Connection timed out
2014-03-23 13:05:25 cwd=/etc/csf 2 args: /usr/sbin/exim -bpc
2014-03-23 13:05:31 1WRcaY-0005wX-Ci mx3.hotmail.com [65.54.xx.xx] Connection timed out
2014-03-23 13:05:31 1WRcaY-0005wX-Ci == io-sono-75@domain3.it R=lookuphost T=remote_smtp defer (110): Connection timed out
2014-03-23 13:05:45 SMTP connection from [89.118.xx.xx]:51282 (TCP/IP connection count = 1)
2014-03-23 13:05:45 no IP address found for host 89-118-51-30-static.domain3.net (during SMTP connection from [89.118.xx.xx]:51282)
2014-03-23 13:05:46 1WRcZH-0005HM-Jg liberomx1.domain.com [212.52.xx.xx] Connection timed out
2014-03-23 13:05:46 1WRcZH-0005HM-Jg == vampirellilith@domain.com R=lookuphost T=remote_smtp defer (110): Connection timed out
2014-03-23 13:05:48 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:05:54 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:06:05 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:06:22 dovecot_login authenticator failed for ([192.168.2.33]) [89.118.51.30]:51282: 535 Incorrect authentication data (set_id=tomek)
2014-03-23 13:06:25 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t
2014-03-23 13:06:25 1WRhAX-00027n-HU <= root@ks208859.domain2.com U=root P=local S=1388 T="lfd on ks208859.domain2.com: blocked 89.118.xx.xx (IT/Italy/89-118-51-30-static.domain3.net)" for root
2014-03-23 13:06:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WRhAX-00027n-HU
2014-03-23 13:06:25 1WRhAX-00027n-HU User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027n-HU == root@ks208859.domain2.com R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027n-HU ** root@ks208859.domain2.com: retry timeout exceeded
2014-03-23 13:06:25 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1WRhAX-00027n-HU
2014-03-23 13:06:25 1WRhAX-00027v-MA <= <> R=1WRhAX-00027n-HU U=mailnull P=local S=2245 T="Mail delivery failed: returning message to sender" for root@ks208859.domain2.com
2014-03-23 13:06:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1WRhAX-00027v-MA
2014-03-23 13:06:25 1WRhAX-00027v-MA User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027v-MA == root@ks208859.domain2.com R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2014-03-23 13:06:25 1WRhAX-00027v-MA ** root@ks208859.domain2.com: retry timeout exceeded
2014-03-23 13:06:25 1WRhAX-00027v-MA root@ks208859.domain2.com: error ignored
2014-03-23 13:06:25 1WRhAX-00027n-HU Completed
2014-03-23 13:06:25 1WRhAX-00027v-MA CompletedI tried to put csf in medium protection but still not work. I checked if my domain (domain.com) is blacklisted but its ok. I dont know whats happened in last 48 hours, before all worked... Can you help me please?
-
Hello, Since you've modified the log file to show false information, it's rather difficult to help you. However, I do see that the IP address 89.118.51.30 is blocked by several blacklists. Looking at MX Toolbox Blacklist, I currently see 7 different RBL's. If that's your IP address then that is the cause of the problem. 0 -
Thank you for your answer, sorry but i have simply copy and past a part of my exim.log without hide nothing. I can paste all if you need for help me. I don't undestand one think: my server IP is 94.23.231.116 and you speak about other IP above. Anyway i checked now this IP also and i see im in some blacklist. Now i try to resolve soon all and thank you again. 0 -
Somebody can help me please? Im not a different user and i pay every month license of cPanel. I never post here because fortunately all was good until now. Now i asked help about this problem but it seems nobody interest about that... 0
Please sign in to leave a comment.
Comments
3 comments