Help Interpreting Exim Queue
I have a cPanel server with around 300 sites on it. Recently, spammers were able to upload PHP files to an unpatched WordPress site and send emails. I caught it when we landed on a blacklist. I've patched/cleaned the site in question, and while working on this I noticed the following output from the command 'exim -bp | exiqsumm':
-- begin snip --
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
- Spam Domains List Removed -
-- end snip --
I don't understand what this output represents. None of these domains are hosted on my server. Are these spam/bounces that are incoming to my users, or, does this indicate another possible vulnerability issue where our server is sending outbound spam? A huge thank you to anyone who can help.
Hello :) The command you are running is providing you with a summary of the existing messages in your mail queue. You can open your mail queue from Web Host Manager and review the individual messages if you want to get a better idea of the type of messages and where they come from. Thank you.
Thank you for pointing me there. I can see that I have many emails queued up to go out from [System] to unusual addresses... would this likely indicate that I still have some "issues" to resolve?
Actually, I'm wondering now if this represents a bounce being sent out to someone that was sending spam to our users... after looking at the message headers.
Yes, it's likely a bounce sent to a non-existent user. You should be able to remove these messages from the queue to avoid the automatic retry attempts. Thank you.
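As an added example (not from this thread or from cPanel), here is a small POSIX shell helper that reads `exim -bp` output and lists the queued bounces, i.e. messages with the null envelope sender `<>`, together with their recipients, so they can be reviewed before being removed with `exim -Mrm` as suggested above. The sample queue, message IDs and addresses are constructed.

```shell
# Constructed sample of `exim -bp` output (made-up IDs and addresses).
# Each message is a header line "<age> <size> <message-id> <sender> [*** frozen ***]"
# followed by one indented recipient per line. Bounces have the sender "<>".
SAMPLE_QUEUE='25m  2.9K 1abcde-000001-AA <>
          nosuchuser@example.invalid

 3h  1.2K 1abcde-000002-BB <webmaster@mydomain.example>
          customer@example.org

 1d   11K 1abcde-000003-CC <> *** frozen ***
          bogus@spammer.invalid
'

# Read exim -bp output on stdin; print "<message-id> <recipient>" for every
# queued bounce so the target addresses can be eyeballed before removal.
list_bounces() {
    awk '
        NF >= 4 && $4 == "<>"          { id = $3; next }   # header of a bounce
        NF >= 4                        { id = "";  next }  # header of a normal message
        id != "" && NF >= 1 && NF <= 2 { print id, $NF }   # recipient under a bounce
    '
}

# Same input; print only the unique message IDs (the arguments exim -Mrm takes).
list_bounce_ids() {
    list_bounces | awk '{ print $1 }' | sort -u
}

# Helpers that run the parser over the embedded sample.
sample_bounces() { printf '%s' "$SAMPLE_QUEUE" | list_bounces; }
sample_bounce_count() { printf '%s' "$SAMPLE_QUEUE" | list_bounce_ids | wc -l | tr -d ' '; }

# On the live cPanel host (as root), after reviewing the list:
#   exim -bp | list_bounce_ids | xargs -r exim -Mrm
sample_bounces
```

A recipient line that exim marks as already delivered carries a leading `D`, which the parser tolerates by taking the last field.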
Starting to make sense, thank you so much for the quick replies, Michael.