Exim settings help
Hello all,
I wonder if you could help me...
I have a server which has just had a site/domain hacked via php. The scripts were sending multiple emails from the site which soon queued up to over 500,000 and brought the server down before i realized. I have since flushed the Queue, fixed the malicious scripts and tightened up a few things in the WHM.
Now when i goto the view sent summary in the email section I am still rejecting thousands of emails to domain email accounts that simply don't exist. The server is rejecting them so that seems to be ok? but i wonder if i can put any further measures in place. All help is greatly appreciated.
I have copied some event details below. Most of them are from the same sender to the same recipient (who doesn't exist)
Please advise. Many thanks
(please note i added the ****** in places)
Event: rejected rejected
Sender User: -remote-
Sender Domain:
Sender: bounce@
Sent Time: Mar 3, 2015 5:30:17 PM
Sender Host: .com
Sender IP: 2.2.2.2
Authentication: unauthorized
Spam Score: 0
Recipient: dave@**********.com
Delivered To:
deliveryuser: *****
deliverydomain: ******
Router: reject
Transport: **rejected**
Out Time: Mar 3, 2015 5:30:17 PM
ID: 1YSqeM-000Cc6-vM
Delivery Host: .com
Delivery IP: 1.1.1.1
Size: 0 bytes
Result: remote host address is the local host
-
Hello :) The messages to non-existent email accounts are already rejected, so there's not much more you can do for that specific behavior other than blocking specific IP addresses that are sending the email in your firewall. Thank you. 0 -
Thank you for the reply. I have found the ones with recurring ip's and blocked those. I appreciate your help. 0
Please sign in to leave a comment.
Comments
2 comments