Exim queue filling with mail to root

sevenymedia

Verified User
Joined
Sep 28, 2015
Messages
34
I manage multiple DirectAdmin servers and for the past week I've been seeing a strange issue on one of them.

Since last week the Exim queue on one of them is filling up with lots of e-mails to [email protected]. I compared log lines for some messages on multiple servers. I'm missing some log lines on the failing server.

The following are log lines for a message on the failing server:
Code:
2021-09-14 19:06:30 1mQBt8-0001CT-MS <= [email protected]***** U=root P=local S=801 T="lfd on *****: Excessive resource usage: nginx (1496 (Parent PID:1496))" from <[email protected]*****> for root
2021-09-14 19:06:30 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mQBt8-0001CT-MS
2021-09-14 19:06:30 1mQBt8-0001CT-MS User 0 set for local_delivery transport is on the never_users list
2021-09-14 19:06:30 1mQBt8-0001CT-MS == [email protected]***** R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list

And these are the log lines for a message on a server which doesn't fill up its queue:
Code:
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky <= [email protected]***** U=root P=local S=822 T="lfd on *****: Excessive resource usage: nginx (3159 (Parent PID:3159))" from <[email protected]*****> for root
2021-09-14 17:02:46 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mQ9xO-0001Gn-Ky
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky User 0 set for local_delivery transport is on the never_users list
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky == [email protected]***** R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky ** [email protected]*****: retry timeout exceeded
2021-09-14 17:02:46 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1mQ9xO-0001Gn-Ky
2021-09-14 17:02:46 1mQ9xO-0001H4-PH <= <> R=1mQ9xO-0001Gn-Ky U=mail P=local S=2131 T="Mail delivery failed: returning message to sender" from <> for [email protected]*****
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky Completed

So when comparing the process on both servers I'm missing the following lines on the failing server; it looks like it doesn't bounce or something:
Code:
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky ** [email protected]*****: retry timeout exceeded
2021-09-14 17:02:46 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1mQ9xO-0001Gn-Ky
2021-09-14 17:02:46 1mQ9xO-0001H4-PH <= <> R=1mQ9xO-0001Gn-Ky U=mail P=local S=2131 T="Mail delivery failed: returning message to sender" from <> for [email protected]*****
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky Completed

Anybody who might be able to help me out on this one?
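
The by-hand comparison in the post above can be scripted. This is an added example, not part of the original thread: it groups Exim main log lines by message ID and lists messages that were deferred but never reached a `**` failure or `Completed` line. The sample log is constructed from the excerpts above with placeholder addresses, and `stuck_messages` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two excerpts in the post; addresses are placeholders.
SAMPLE_LOG = """\
2021-09-14 19:06:30 1mQBt8-0001CT-MS <= root@host.example U=root P=local S=801 T="lfd on host: Excessive resource usage" for root
2021-09-14 19:06:30 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mQBt8-0001CT-MS
2021-09-14 19:06:30 1mQBt8-0001CT-MS User 0 set for local_delivery transport is on the never_users list
2021-09-14 19:06:30 1mQBt8-0001CT-MS == root@host.example R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky <= root@host.example U=root P=local S=822 T="lfd on host: Excessive resource usage" for root
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky == root@host.example R=localuser T=local_delivery defer (-29): User 0 set for local_delivery transport is on the never_users list
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky ** root@host.example: retry timeout exceeded
2021-09-14 17:02:46 1mQ9xO-0001Gn-Ky Completed
"""

# Date, time, message ID in the 6-6-2 form seen in the post, then an optional
# event flag: <= arrival, == defer, ** failure, =>/-> delivery, or "Completed".
LINE_RE = re.compile(
    r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(<=|==|\*\*|=>|->|Completed)?"
)


def stuck_messages(log_text):
    """Return {message_id: last defer reason} for messages that were
    deferred but have no '**' failure and no 'Completed' line."""
    events = defaultdict(list)
    reasons = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "cwd=... args:" lines have no message ID in this position
        msg_id, flag = m.group(1), m.group(2)
        events[msg_id].append(flag)
        if flag == "==":
            # The defer reason follows the first ": " on a defer line.
            reasons[msg_id] = line.split(": ", 1)[1] if ": " in line else ""
    return {
        mid: reasons[mid]
        for mid, flags in events.items()
        if "==" in flags and "**" not in flags and "Completed" not in flags
    }


if __name__ == "__main__":
    for mid, reason in stuck_messages(SAMPLE_LOG).items():
        print(f"{mid} still queued: {reason}")
```

A message that was deferred only moments ago is listed as well, so read the result against each message's arrival time.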
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,732
Location
Maastricht
It's easy, all system mails are sent to root. If you don't take care that you can get root mail, you can see this happen if a lot of things happen.

There are 2 solutions for this.
1.) edit /etc/aliases and at the bottom, change
#root: marc
to
root: [email protected]
where [email protected] is an email address you want to receive system mails at.
Then give the command newaliases and restart Exim.
I found this the best working method.

2.) create a .forward file in /root and put your email address in there.
Easier method but didn't seem to always work.
 

sevenymedia

Verified User
Joined
Sep 28, 2015
Messages
34
Well actually I don't want to receive them, but the strange thing is that on the several servers the message seems to be dropped but on the 'failing' server it is queued for a long time.

I checked the aliases and on both servers they're the same.. so can't really figure out why there's only one server filling up its queue.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,732
Location
Maastricht
Seems LFD is sending these mails to root.
Sorry, I was looking wrong, seems these are real system messages. You should investigate as to why this happens, so why is there a high resource usage on that server. This is causing all these mails.
That is why root system messages are important and imho not really smart to not receive them somewhere.
 

sevenymedia

Verified User
Joined
Sep 28, 2015
Messages
34
I'll change the target for LFD.. but there are several similar mails which I don't really care about which should be 'dropped/bounced' or something. But I don't really get what might be the root cause of the issue that on one server messages are dropped immediately and on the other server they're being queued.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,732
Location
Maastricht
I don't know how many messages we are talking about, maybe it's a high resource usage issue which is causing Exim to work more slowly too and thus creating a queue, hard to say.

FYI. I disabled most mails from LFD in the lfd.conf because I also don't care about temp and definite bans, so I almost don't get any mails from CSF/LFD. But root mails are enabled because I do want to know about high loads and other system issues like maybe a notice from smart that a disk is not happy anymore.
 