Hi,

soumya tr <[email protected]> (Fr 12 Jul 2013 01:15:02 CEST):
> Hi,
>
> I see the below given messages in exim main_log:
>
> ---------------
> 2013-07-11 22:59:51 SMTP connection identification H=localhost A=127.0.0.1
> P=50967 U=root ID= S=root B=identify_local_connection
> 2013-07-11 22:59:51 H=localhost [127.0.0.1]:50967 Warning: Sender rate
> 8855.9 / 1h
> 2013-07-11 22:59:51 1UxPq3-000ho1-AX <= [email protected]
> <[email protected]>H=localhost [127.0.0.1]:51040 P=esmtp S=2488 T="YOU ARE
> NEEDED AS A
> REPRESENTATIVE!!!" for [email protected]
> ---------------
>
> The email address [email protected] <[email protected]> isn't present in the server.
> I am unable to find how the mails are generated :( . Please assist.
>
> A large number of such mails are getting generated, and thus large number
> of connections to 127.0.0.1:25 from 127.0.0.1:XXXX, thereby increasing the
> load.

Are you running any other services on your server?

If the log isn't faked, it looks as if "root" is sending mails via SMTP
from your own host. Probably your box is hacked. Some application
running with root permissions seems to generate the messages. Could be
anything.

First I'd stop outgoing connections, to avoid blacklisting of your
machine. (If the sender isn't an individual, it might be enough to stop
the Exim daemon and inhibit the start of any queue runner, if you've
mails in your queue still.)

--
Heiko
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
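
To see which local account is behind the loopback submissions discussed in the message above, the following added example (not part of the original post or of Exim) tallies loopback arrivals by the `U=` value on the "SMTP connection identification" lines and by subject. The log lines are constructed samples modelled on the quoted excerpt, the addresses are placeholders, and joining the two line types on the client port is an assumption that only holds within a short time window.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the excerpt in the post; addresses are placeholders.
SAMPLE_LOG = """\
2013-07-11 22:59:51 SMTP connection identification H=localhost A=127.0.0.1 P=50967 U=root ID= S=root B=identify_local_connection
2013-07-11 22:59:51 H=localhost [127.0.0.1]:50967 Warning: Sender rate 8855.9 / 1h
2013-07-11 22:59:51 1UxPq3-000ho1-AX <= sender@example.org H=localhost [127.0.0.1]:50967 P=esmtp S=2488 T="YOU ARE NEEDED AS A REPRESENTATIVE!!!" for rcpt1@example.net
2013-07-11 22:59:52 SMTP connection identification H=localhost A=127.0.0.1 P=51040 U=root ID= S=root B=identify_local_connection
2013-07-11 22:59:52 1UxPq4-000ho5-BZ <= sender@example.org H=localhost [127.0.0.1]:51040 P=esmtp S=2490 T="YOU ARE NEEDED AS A REPRESENTATIVE!!!" for rcpt2@example.net
2013-07-11 23:00:10 1UxPqM-000hp9-Cd <= alice@example.com H=mail.example.com [192.0.2.10]:40022 P=esmtps S=1200 T="Meeting notes" for bob@example.org
"""

# Identification line: source address, client port and local user (U= may be empty).
IDENT = re.compile(
    r"SMTP connection identification H=\S+ A=(?P<addr>\S+) P=(?P<port>\d+) U=(?P<user>\S*)")
# Arrival line: message id, envelope sender, peer address:port and subject.
ARRIVAL = re.compile(
    r'^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) H=\S+ '
    r'\[(?P<addr>[^\]]+)\]:(?P<port>\d+) .*?T="(?P<subj>.*?)" for ')
LOOPBACK = {"127.0.0.1", "::1"}


def attribute_local_mail(log_text):
    """Return (messages per local user, messages per subject) for loopback SMTP arrivals."""
    port_user = {}          # client port -> user from the latest identification line
    by_user = Counter()
    by_subject = Counter()
    for line in log_text.splitlines():
        m = IDENT.search(line)
        if m and m["addr"] in LOOPBACK:
            port_user[m["port"]] = m["user"] or "(empty U=)"
            continue
        m = ARRIVAL.match(line)
        if m and m["addr"] in LOOPBACK:
            # One connection may carry several messages, so look up without removing.
            by_user[port_user.get(m["port"], "(no identification line)")] += 1
            by_subject[m["subj"]] += 1
    return by_user, by_subject


if __name__ == "__main__":
    users, subjects = attribute_local_mail(SAMPLE_LOG)
    for user, n in users.most_common():
        print(f"{n:6d} loopback messages attributed to U={user}")
    for subj, n in subjects.most_common(5):
        print(f"{n:6d} x {subj!r}")
```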
