Hi all,
I've been using DirectAdmin on CentOS for 1/2 years now and have hit a sudden problem.
Yesterday I started seeing waves of "failed to deliver, return to sender" messages arrive in my email account. Upon investigation, 1000s of emails appear to be being sent from email accounts on my server.
My server hosts "mydomain.com" and the emails appear to be being sent from [email protected], [email protected] etc...
I've currently just disabled Exim to prevent these being sent out, and have cleared out the message queue.
How do I go about diagnosing where these messages are coming from? Currently when I start Exim I see no more messages arriving. I don't see any suspicious users/connections and have changed some of the main mail account passwords (though I don't understand how these can be sent from this domain in the first place).
I'm seeing a relay alert from LFD; is it possible they are being relayed from somewhere else? How do I prevent this?
Thanks for your help,
I'm slightly lost!
--
Example mail headers:
Code:
1Tfd6C-0008NC-1v-H
mail 8 12
<[email protected]>
1354568324 0
-helo_name User-PC
-host_address 187.23.169.202.56584
-interface_address 78.129.132.155.25
-received_protocol esmtp
-body_linecount 32
-max_received_linelength 119
-host_lookup_failed
YY [email protected]
NN [email protected]
YN [email protected]
NN [email protected]
10
[email protected]
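One way to answer the "where are these coming from" question from a queued message is to read the envelope options in its Exim `-H` spool file, like the one posted above, and check whether it arrived from a remote SMTP peer (with or without authentication) or was submitted on the server itself. This is an added example, not part of the original post; the sample addresses are constructed placeholders, and the `-auth_id`, `-ident` and `-local` option names come from Exim's spool file format rather than from the post.

```python
import re

# Constructed sample modelled on the spool header in the post. Addresses are
# placeholders because the page shows them redacted.
SAMPLE = """\
1Tfd6C-0008NC-1v-H
mail 8 12
<sender@example.invalid>
1354568324 0
-helo_name User-PC
-host_address 187.23.169.202.56584
-interface_address 78.129.132.155.25
-received_protocol esmtp
-body_linecount 32
-host_lookup_failed
XX
1
rcpt@example.invalid
"""

TREE = re.compile(r"^(XX$|[YN][YN] )")  # start of the non-recipients tree

def parse_spool_header(text):
    """Return message id, owning user, envelope sender and '-' options."""
    lines = text.splitlines()
    msg_id = lines[0][:-2] if lines[0].endswith("-H") else lines[0]
    opts = {}
    for line in lines[4:]:
        if TREE.match(line):
            break                      # envelope options end here
        if line.startswith("-"):       # e.g. "-host_address 1.2.3.4.56584"
            name, _, value = line[1:].partition(" ")
            opts[name] = value
    return {"id": msg_id, "user": lines[1].split()[0],
            "sender": lines[2].strip("<>"), "opts": opts}

def classify_origin(info):
    """Classify how the message entered Exim: (kind, peer IP, identity)."""
    opts = info["opts"]
    if "host_address" not in opts:     # no remote peer: submitted on the box
        return ("local", None, opts.get("ident", info["user"]))
    ip, _, _port = opts["host_address"].rpartition(".")  # stored as ip.port
    if "auth_id" in opts or opts.get("received_protocol") in ("esmtpa", "esmtpsa"):
        return ("smtp-authenticated", ip, opts.get("auth_id"))
    return ("smtp-unauthenticated", ip, opts.get("helo_name"))

if __name__ == "__main__":
    print(classify_origin(parse_spool_header(SAMPLE)))
```

A result of `smtp-authenticated` points at a mailbox credential to reset, `local` points at a script or user account on the server, and `smtp-unauthenticated` points at the relay and recipient ACLs.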