0

I want to know which script on my server has a hole; it's adding 4000 mails / hour to the queue.

This is my mail queue screenshot: http://www.diigo.com/item/image/1i66c/8mav

And this is a single email screenshot: http://www.diigo.com/item/image/1i66c/0pad

I use cPanel. Is there a way to solve my problem?

Dennis
Yakko Olè

2 Answers

0

First thing, turn off Exim. If you can shell in, flush the queue:

    exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

See if you are an open relay. You shouldn't be, but check. open relay checker

If you can shell in, grep PHP files for the mail function. Look for suspicious scripts. Comment out the function. My cPanel sends me notices of insecure scripts.

You might have been compromised as well. Ask your hosting service.

This is more of a Server Fault kind of question. You might post there.

Remember to get yourself off all the blacklists when you figure it out.

Harry Forbess
  • I don't know why the mail doesn't have the X-Source headers... maybe they are not coming from PHP? – Yakko Olè Dec 14 '11 at 17:34
  • Also, I don't need a script that deletes all my queue... at the moment you can help me with a script to remove all emails with the content "HELP@"... can you help me with this? – Yakko Olè Dec 14 '11 at 17:36
0
    exiqgrep -ir help@ | xargs exim -Mrm
Harry Forbess
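An added example, not part of either answer above: a read-only look at the queue before running any of the removal commands, counting queued messages per envelope sender and listing the ids that a recipient pattern such as `help@` would select. The sample queue is constructed and assumes the usual `exim -bp` layout (age, size, message id, `<sender>`, then indented recipients); the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample in the layout `exim -bp` prints: a header line with
# age, size, message id and <sender>, then one indented recipient per line.
# On a live server, pipe `exim -bp` into the functions instead.
sample_queue() {
cat <<'EOF'
 3h  2.1K 1RaAAA-0000aa-01 <nobody@host.example>
          help@victim1.example

25m  1.8K 1RaAAB-0000ab-02 <nobody@host.example>
          HELP@victim2.example
          other@victim2.example

 2d  4.0K 1RaAAC-0000ac-03 <alice@site.example>
          bob@friend.example

 1m  1.9K 1RaAAD-0000ad-04 <>
        D help@victim3.example
EOF
}

# Count queued messages per envelope sender, busiest first.
# A sender like <nobody@...> at the top points at web scripts rather
# than at a mail account with stolen credentials.
queue_by_sender() {
  awk '/^ *[0-9]+[mhd] /{ n[$4]++ } END { for (s in n) print n[s], s }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Print the id of every message with at least one recipient containing
# the fixed string $1 (case-insensitive). Nothing is deleted.
ids_for_recipient() {
  awk -v pat="$1" '
    BEGIN { pat = tolower(pat) }
    /^ *[0-9]+[mhd] /{ id = $3; seen = 0; next }   # header line: new message
    # Recipient line; $NF skips the "D" flag exim puts on delivered ones.
    NF && id != "" && !seen && index(tolower($NF), pat) { print id; seen = 1 }
  '
}

sample_queue | queue_by_sender
sample_queue | ids_for_recipient 'help@'
```

Reviewing the printed ids (and saving one message with `exim -Mvh <id>` for the investigation) before passing them to `exim -Mrm` keeps evidence of which account the mail is injected under.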