Exim + cPanel
A user on the server noticed a high load, and submitted a ticket, so i go to check it out, and find out the following:
Filesystem Size Used Avail Use% Mounted on
/dev/hda6 980M 561M 370M 61% /
/dev/hda1 45M 8.9M 34M 21% /boot
/dev/hda8 46G 3.3G 40G 8% /home
none 235M 0 235M 0% /dev/shm
/dev/hda7 980M 17M 914M 2% /tmp
/dev/hda2 2.9G 2.6G 156M 95% /usr
/dev/hda5 1.9G 1.1G 781M 59% /var
Now, i didnt find the /usr part so strange, but i did the var.
As i go further, i notice that /var/spool is taking up 660 MB. So i cd to it and find out /var/spool/exim is the one taking up all of it.
I take a look and find millions and millions of messages sitting there, either waiting to be delivered, or dead or i dont know what. Everytime exim tries to start deliviring them, the load would go up to 23 avg.
Now, i did a ps aux, and i saw that some exim processes were defunt:
root 1901 0.1 0.0 0 0 ? Z 08:56 0:00 [exim <defunct>]
about 10 of those.
And when it starts again, a lot of these type looking processess:
root 1909 0.1 0.4 4548 2356 ? S 08:57 0:00 /usr/sbin/exim -MCS -MCP -MCQ 1228 2 -MC remote_smtp gateway1.worldnet.att.net 8 18kGn4-0005Xj-00
Now i dont know what to do. It seems like the server is getting mail bombed, since exim just seems to try to deliver it all to nobody@server.section4.net. Some help would be appreciated on this matter.
