Big spam email problem
I'm a novice at all of this so please be gentle.
My host is in the process of looking at this, but I want to get other opinions/advice.
I have 15 domains on a VPS. I am the only user (no clients). There is only one physical email account being used, on one of the domains. All other domains have aliases that forward to this one account.
I also have some scripts that send out confirmation emails via sendmail.
No mailing lists.
I had a problem this morning with the VPS basically falling over, and it looks like it is getting choked with email (mail relay?). The volume of inbound and outbound mail is just horrendous.
If you add the legitimate emails that I send and the script-based emails, that amount would be under 300 messages per day.
Not sure how to go about fixing this.
Statistics (some things redacted for privacy):
Exim statistics from 2005-11-27 05:03:51 to 2005-11-29 18:32:48
Grand total summary
-------------------
At least one address
TOTAL Volume Messages Hosts Delayed Failed
Received 87MB 17770 6461 47 0.3% 6 0.0%
Delivered 345MB 56714 30
Deliveries by transport
-----------------------
Volume Messages
:blackhole: 333MB 55225
remote_smtp 1650KB 56
virtual_sa_userdelivery 4520KB 716
virtual_userdelivery 2073KB 270
virtual_userdelivery_spam 4300KB 447
Messages received per hour (each dot is 39 messages)
----------------------------------------------------
00-01 407 ..........
01-02 637 ................
02-03 1229 ...............................
03-04 494 ............
04-05 445 ...........
05-06 477 ............
06-07 677 .................
07-08 717 ..................
08-09 666 .................
09-10 578 ..............
10-11 793 ....................
11-12 382 .........
12-13 570 ..............
13-14 1238 ...............................
14-15 1345 ..................................
15-16 1454 .....................................
16-17 1945 .................................................
17-18 601 ...............
18-19 669 .................
19-20 501 ............
20-21 447 ...........
21-22 617 ...............
22-23 440 ...........
23-24 441 ...........
Deliveries per hour (each dot is 89 deliveries)
-----------------------------------------------
00-01 1404 ...............
01-02 1930 .....................
02-03 2282 .........................
03-04 2170 ........................
04-05 1522 .................
05-06 1684 ..................
06-07 1922 .....................
07-08 2890 ................................
08-09 2671 ..............................
09-10 2172 ........................
10-11 2669 .............................
11-12 1661 ..................
12-13 2272 .........................
13-14 2911 ................................
14-15 3498 .......................................
15-16 4000 ............................................
16-17 4450 ..................................................
17-18 2268 .........................
18-19 2938 .................................
19-20 1935 .....................
20-21 1724 ...................
21-22 2092 .......................
22-23 1928 .....................
23-24 1721 ...................
Time spent on the queue: all messages
-------------------------------------
Under 1m 16488 92.8% 92.8%
5m 146 0.8% 93.7%
15m 31 0.2% 93.8%
30m 44 0.2% 94.1%
1h 998 5.6% 99.7%
3h 8 0.0% 99.8%
6h 42 0.2% 100.0%
1d 1 0.0% 100.0%
Time spent on the queue: messages with at least one remote delivery
-------------------------------------------------------------------
Under 1m 42 75.0% 75.0%
5m 11 19.6% 94.6%
3h 2 3.6% 98.2%
1d 1 1.8% 100.0%
No relayed messages
-------------------
Top 50 sending hosts by message count
-------------------------------------
1431 12MB (***.***.***.***)
782 8266KB local
581 1403KB (lh)
145 490KB (tpin.okcu.edu)
111 5844KB (********.com)
76 692KB (comcast.net)
50 70KB (146192968)
50 69KB (145118656)
50 69KB (147143792)
50 68KB (146632824)
50 68KB (135172880)
49 83KB (epatra.com)
48 272KB (angelfire.com)
48 66KB (145312848)
47 261KB (bellsouth.net)
46 257KB (lycos.com)
46 63KB (147412280)
46 63KB (146333456)
44 82KB (-1223753408)
44 78KB (uk2.net)
44 60KB (148810472)
43 78KB (asheville.com)
42 57KB (143533600)
40 54KB (145928648)
39 63KB (freemail.nl)
37 70KB (-1217931504)
37 68KB (-1215659624)
36 49KB (-187923464)
35 59KB (yehey.com)
35 48KB (144090544)
34 61KB (mypersonalemail.com)
34 58KB (go2.pl)
34 47KB (144656864)
34 46KB (147618200)
33 73KB (****.com)
32 45KB (147978408)
32 44KB (144719304)
31 51KB (o2.pl)
30 188KB (execpc.com)
30 181KB (mninter.net)
30 56KB (-1219122248)
30 49KB (email.ro)
29 176KB (alltel.net)
29 53KB (-1227631944)
29 47KB (tlen.pl)
29 39KB (145262968)
28 247KB (verizon.net)
28 180KB (moen.com)
28 157KB (scala.net)
28 52KB (-1222099456)
Top 50 sending hosts by volume
------------------------------
1431 12MB (***.***.***.***)
782 8266KB local
111 5844KB (**********.com)
581 1403KB (lh)
76 692KB (comcast.net)
145 490KB (tpin.okcu.edu)
6 457KB (omc3-s25.bay6.hotmail.com)
15 316KB (66-214-179-109.dhcp.gldl.ca.charter.com)
14 300KB (66-168-114-180.dhcp.oxfr.ma.charter.com)
7 283KB (****.com)
13 280KB (12-208-120-204.client.insightBB.com)
5 278KB (fastintel.net)
48 272KB (angelfire.com)
47 261KB (bellsouth.net)
46 257KB (lycos.com)
12 247KB (pic33-1-82-237-168-200.fbx.proxad.net)
28 247KB (verizon.net)
11 236KB (host-24-225-154-184.patmedia.net)
10 232KB (cp148898-a.tilbu1.nb.home.nl)
9 225KB 69-169-91-170.lmdaca.adelphia.net
9 224KB (i02v-62-34-62-40.d4.club-internet.fr)
9 221KB (cm-207-192-195-12.stjoseph.mo.npgco.com)
1 211KB (amme.myhostdns.com)
8 201KB adsl-69-213-75-242.dsl.chcgil.ameritech.net
10 196KB (p3033-ipad401osakakita.osaka.ocn.ne.jp)
30 188KB (execpc.com)
8 184KB (adsl-67-65-46-101.dsl.ksc2mo.swbell.net)
9 183KB (wsip-68-15-52-251.ri.ri.cox.net)
9 181KB (TSC-010)
30 181KB (mninter.net)
28 180KB (moen.com)
7 176KB (adsl-208-191-222-179.dsl.kscymo.swbell.net)
29 176KB (alltel.net)
9 175KB (pool-70-23-48-212.ny325.east.verizon.net)
18 172KB (proxad.net)
8 165KB (s01060050bacd8215.wk.shawcable.net)
8 165KB (nthygo091030.hygo.nt.adsl.ppp.infoweb.ne.jp)
7 163KB (f59-156-110-230.fnj.ne.jp)
8 163KB (dsl-201-135-151-229.prod-infinitum.com.mx)
8 162KB (68-191-11-164.dhcp.plbg.ny.charter.com)
8 161KB (701DFB2D57C643E)
28 157KB (scala.net)
6 157KB (c-24-91-61-74.hsd1.ma.comcast.net)
8 154KB (81-208-32-152.ip.fastwebnet.it)
9 154KB (66-146-173-200.skyriver.net)
16 152KB (singnet.com.sg)
7 150KB (adsl-216-63-160-12.dsl.elpstx.swbell.net)
7 143KB (fla1aaa037.tky.mesh.ad.jp)
7 142KB (pcp408058pcs.mtsano01.ga.comcast.net)
7 140KB (XXX)
Top 50 host destinations by message count
-----------------------------------------
56658 344MB local
19 48KB gmail-smtp-in.l.google.com
5 2542 mx2.mail.yahoo.com
3 43KB mx3.mail.yahoo.com
3 1520 mx1.hotmail.com
2 2813 drjimmy.it.northwestern.edu
1 1197KB hrndva-01.mgw.rr.com
1 42KB mailin1.pacific.net.au
1 41KB mx1.biz.mail.yahoo.com
1 41KB smtpin.ntlworld.com
1 41KB tommx.163.net
1 35KB mail.lightyearmusic.com
1 35KB mx3.mail2000.com.tw
1 35KB ms26a.hinet.net
1 25KB mx0.gmx.de
1 25KB smtp.clinch.ch
1 25KB afm-records.de
1 1529 smtp-mx.mac.com
1 1247 gateway-r.comcast.net
1 1154 mailin-02.mx.aol.com
1 836 mta1.grp.scd.yahoo.com
1 831 mta3.grp.scd.yahoo.com
1 661 relay8.cso.uiuc.edu
1 518 ibmr.btconnect.com
1 517 mx2.mail.tw.yahoo.com
1 517 pamx1.hotmail.com
1 500 mx3.hotmail.com
1 495 mx1.seznam.cz
1 493 bep.internode.on.net
1 491 smtp.tin.it
Top 50 host destinations by volume
----------------------------------
56658 344MB local
1 1197KB hrndva-01.mgw.rr.com
19 48KB gmail-smtp-in.l.google.com
3 43KB mx3.mail.yahoo.com
1 42KB mailin1.pacific.net.au
1 41KB mx1.biz.mail.yahoo.com
1 41KB smtpin.ntlworld.com
1 41KB tommx.163.net
1 35KB mail.lightyearmusic.com
1 35KB mx3.mail2000.com.tw
1 35KB ms26a.hinet.net
1 25KB mx0.gmx.de
1 25KB smtp.clinch.ch
1 25KB afm-records.de
2 2813 drjimmy.it.northwestern.edu
5 2542 mx2.mail.yahoo.com
1 1529 smtp-mx.mac.com
3 1520 mx1.hotmail.com
1 1247 gateway-r.comcast.net
1 1154 mailin-02.mx.aol.com
1 836 mta1.grp.scd.yahoo.com
1 831 mta3.grp.scd.yahoo.com
1 661 relay8.cso.uiuc.edu
1 518 ibmr.btconnect.com
1 517 mx2.mail.tw.yahoo.com
1 517 pamx1.hotmail.com
1 500 mx3.hotmail.com
1 495 mx1.seznam.cz
1 493 bep.internode.on.net
1 491 smtp.tin.it
Top 50 local destinations by message count
------------------------------------------
55225 333MB :blackhole:
1433 11MB *****
Top 50 local destinations by volume
-----------------------------------
55225 333MB :blackhole:
1433 11MB *****