Exim high cpu usage

[SeLLeRoNe]

hi, at last two days exim goes up 10% of used cpu, and the load balance go to 8.00 / 12.00

i dont know what its the problem but i would like to reinstall exim.. how i have to do?

thank a lot for all replyes

 

[SeLLeRoNe]

i found in mainlog of exim like a flood by an unexisting email that the exim reply every second and flood server...

i hope i explain the problem fine..

please help quikly... i've to kill exim every time he start flood..

thanks

 

[nobaloney]

Help you do what? Reinstall exim? Unless you know you have a broken exim, what will that fix?

Depending on which OS you're running, you can get the latest supported exim installation file here.

Put it into:

/usr/local/directadmin/scripts/packages

and then run:

/usr/local/directadmin/scripts/exim.sh

But I don't see how that's going to help you with a DOS attack.

Jeff

 

[SeLLeRoNe]

thanks for the guide to install exim, but i would like to know how can i stop this attack.. not reinstalling..

this is a piace of the mainlog of exim

2005-06-07 09:00:22 1DfY4T-0003NQ-PY <= [email protected] U=apache P=local S=5907 [email protected] T="Alerta detectado virus em seus e-mails" from <[email protected]> for [email protected]
2005-06-07 09:00:23 1DfY4V-0003OB-O1 <= [email protected] U=apache P=local S=5905 [email protected] T="Alerta detectado virus em seus e-mails" from <[email protected]> for [email protected]
2005-06-07 09:00:24 1DfY4R-0003Mz-N7 => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=6052 H=mx1.correios.net.br [200.181.70.136] C="250 2.6.0 <[email protected]>
Queued mail for delivery"


someone can help me?

 

[SeLLeRoNe]

PS My System is FreeBSD 5.3

 

[nobaloney]

Find out the IP# or IP#s of the servers sending the email, and block them at your firewall.

Or with SpamBlocker.

Jeff

 

[SeLLeRoNe]

ok, i blocked in one of my domain.. but i think thats an error...

2005-06-07 15:44:10 1De5qW-0006TB-0i ** [email protected] F=<>: Unrouteable address
2005-06-07 15:44:10 1De5qW-0006TB-0i [email protected]: error ignored
2005-06-07 15:44:10 1DfeNG-000DGU-9q ** [email protected] F=<>: Unrouteable address
2005-06-07 15:44:10 1DfeNG-000DGU-9q Frozen (delivery error message)
2005-06-07 15:44:10 1Df3ul-000MLj-Df Completed
2005-06-07 15:44:10 1De5qW-0006TB-0i Completed
2005-06-07 15:44:10 1De5qZ-0006Uf-LR ** [email protected] F=<>: Unrouteable address
2005-06-07 15:44:10 1De5qZ-0006Uf-LR [email protected]: error ignored
2005-06-07 15:44:10 1De5qZ-0006Uf-LR Completed


this is normal?

now try to block the miranet.com.br hostname and ip with firewall.

do u think that it is an DOS attack?

thanks a lot

 

[AleSSaNDRo]

Up!
Have also I this problem as we make to resolve?

 

[Tim]

the same problem here (FBSD 5.3)

 

[Tim]

we fixed it!

the main problem was the email for root/admin. it was sended to nothing, because it didn't resolve.

we've created a forwarder so the mail will be bounced, and now... after deleting the complete mail queue, because all the mail will be send AGAIN and AGAIN, the server is working great again.

 

[nobaloney]

While sendmail and perhaps some other MTAs continue to try the same routing information over and over again, my understanding is that DA reroutes at each retry.

I'm not sure how this works for local delivery (on the same server), but I'd recommend testing if this ever comes up again, before just deleting everything.

Unless of course you don't want the email .

Jeff