
High SMTP traffic port 25/tcp



  • MilesWeb

    Hello, milo695

    It seems your server got compromised and someone had a DDOS attack on your server.

    Refer to the below article to prevent DDOS attacks using CSF

    Also, if possible share the cat /var/log/exim_mainlog so we can check the exim logs and help you further.

  • milo695

    Thanks for this, how can I send you exim_mainlog?

  • cPRex Jurassic Moderator

    I would prefer that you don't post a giant output of "cat /var/log/exim_mainlog" to the Forum.  It will be huge, and full of personal information.

    I also don't believe outgoing email is a "DDoS" type of attack.

    I would recommend working through the guide here to see if you can determine the source of the messages:

  • milo695

    99% of those messages are generated by the System and sent to server admin email (to my gmail), containing: 

    lfd on Excessive resource usage:

    and then land in my Gmail spam folder. Sorry, I forgot to mention that CSF is generating them.

    In Exim I have a lot of these:
    2024-01-22 10:12:24 1rRnx8-0001Hr-0U Message is frozen
    and several of these:
    2024-01-22 06:08:09 1rRCS8-00049d-31 == R=dkim_lookuphost T=dkim_remote_smtp defer (-54): retry time not reached for any host for ''

    Can you help me recognise what those 2 are? is not my domain but looks like it's trying to, well... trying something 

  • Andrew

    LFD is part of the ConfigServer; you either need to fix the excessive resource usage or adjust the sensitivity of these alerts in the firewall.

    Andrew N. - cPanel Plesk VMWare Certified Professional
    Do you need immediate assistance? 20 minutes response time!*
    EmergencySupport - Professional Server Management and One-time Services

  • milo695

    Thanks, I've increased the PT_USERMEM to 1024 and am monitoring now.
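
Added example (not written by any poster in this thread and not cPanel or ConfigServer code): a shell function that tallies Exim main log events by type, covering the "Message is frozen" and `==` defer lines quoted above, and prints no addresses or hostnames, so the summary can be shared instead of the raw log. The sample log lines, message ids and addresses are constructed; `R=`, `T=` and `P=` are Exim's router, transport and protocol log fields.

```shell
#!/bin/sh
# Added example: summarise an Exim main log without exposing addresses.
# On a server: summarize_exim_log < /var/log/exim_mainlog

summarize_exim_log() {
  awk '
    # Lines look like: date time message-id flag ... ; field 4 is the flag.
    /Message is frozen/ { frozen++; next }
    $4 == "==" {                      # deferred delivery
      r = "?"; t = "?"
      for (i = 5; i <= NF; i++) {
        if ($i == "defer") break      # stop before the free-text reason
        if ($i ~ /^R=/) r = substr($i, 3)
        if ($i ~ /^T=/) t = substr($i, 3)
      }
      defer[r "/" t]++; next
    }
    $4 == "<=" {                      # message arrival
      p = "?"
      for (i = 5; i <= NF; i++)
        if ($i ~ /^P=/) { p = substr($i, 3); break }
      arrive[p]++; next
    }
    $4 == "=>" || $4 == "->" { delivered++; next }
    $4 == "**" { failed++ }
    END {
      printf "frozen=%d delivered=%d failed=%d\n", frozen, delivered, failed
      for (k in defer)  printf "deferred %s %d\n", k, defer[k]
      for (k in arrive) printf "arrival P=%s %d\n", k, arrive[k]
    }' | sort
}

# Constructed sample input (not taken from a real server).
sample_log() {
  cat <<'EOF'
2024-01-22 06:08:09 1rRCS8-00049d-31 == user@example.net R=dkim_lookuphost T=dkim_remote_smtp defer (-54): retry time not reached for any host for 'example.net'
2024-01-22 10:12:24 1rRnx8-0001Hr-0U Message is frozen
2024-01-22 10:12:30 1rRnx9-0001Hs-1A Message is frozen
2024-01-22 10:13:01 1rRnxA-0001Ht-2B <= root@host.example.com U=root P=local S=1523
2024-01-22 10:13:02 1rRnxA-0001Ht-2B => admin@example.org R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.org [192.0.2.10]
EOF
}

sample_log | summarize_exim_log
```

A high `arrival P=local` count points at mail generated on the server itself, such as the lfd alerts described in the thread, rather than mail relayed in over SMTP.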

