Hi guys please need help, latest hestia 1.9.4 send my a lot emails Mail Delivery System [email protected]expand_more. any time new 5-10 ssame email no delivery. see pics please
Hi,
Did you send that mail to that external email account?
You should check the log to view what are the issues.
Replace HereTheMessageIdentifier with the actual message id you see in the mail.
exigrep 'HereTheMessageIdentifier' /var/log/exim4/mainlog*
th..you for help
log here
2025-09-29 16:57:42 dovecot_login authenticator failed for ([125.20.231.66]) [125.19.154.154]: 535 Incorrect authentication data ([email protected])
2025-09-29 16:57:43 dovecot_login authenticator failed for (localhost) [81.30.107.174]: 535 Incorrect authentication data (set_id=xconnect)
2025-09-29 16:57:53 no host name found for IP address 81.30.107.49
2025-09-29 16:57:54 dovecot_login authenticator failed for access-178-57-37-17.kmtn.ru [178.57.37.17]: 535 Incorrect authentication data (set_id=admin)
2025-09-29 16:58:06 dovecot_login authenticator failed for (localhost) [81.30.107.49]: 535 Incorrect authentication data (set_id=haley)
2025-09-29 16:58:10 no host name found for IP address 81.30.107.29
2025-09-29 16:58:32 dovecot_login authenticator failed for (localhost) [81.30.107.29]: 535 Incorrect authentication data (set_id=anamaria)
2025-09-29 16:58:34 no host name found for IP address 81.30.107.89
2025-09-29 16:58:40 dovecot_login authenticator failed for (localhost) [81.30.107.89]: 535 Incorrect authentication data (set_id=dsi)
2025-09-29 16:58:49 no host name found for IP address 81.30.107.42
2025-09-29 16:58:55 dovecot_login authenticator failed for (localhost) [81.30.107.42]: 535 Incorrect authentication data (set_id=exmerge)
2025-09-29 16:59:25 no host name found for IP address 81.30.107.177
2025-09-29 16:59:27 no host name found for IP address 81.30.107.67
2025-09-29 16:59:34 dovecot_login authenticator failed for (localhost) [81.30.107.177]: 535 Incorrect authentication data (set_id=yujiefang)
2025-09-29 16:59:38 dovecot_login authenticator failed for (localhost) [81.30.107.67]: 535 Incorrect authentication data (set_id=provisioning)
2025-09-29 17:01:13 no host name found for IP address 81.30.107.118
2025-09-29 17:01:18 no host name found for IP address 81.30.107.20
2025-09-29 17:01:21 dovecot_login authenticator failed for (localhost) [81.30.107.118]: 535 Incorrect authentication data (set_id=es)
2025-09-29 17:01:24 no host name found for IP address 81.30.107.173
2025-09-29 17:01:24 no host name found for IP address 167.94.138.182
2025-09-29 17:01:25 no host name found for IP address 62.60.130.186
2025-09-29 17:01:35 dovecot_login authenticator failed for (localhost) [81.30.107.20]: 535 Incorrect authentication data (set_id=abdi)
2025-09-29 17:01:43 dovecot_login authenticator failed for (localhost) [81.30.107.173]: 535 Incorrect authentication data (set_id=fido)
2025-09-29 17:01:44 no host name found for IP address 195.178.110.202
2025-09-29 17:01:48 no host name found for IP address 81.30.107.66
2025-09-29 17:01:50 no host name found for IP address 81.30.107.189
2025-09-29 17:01:52 dovecot_login authenticator failed for (localhost) [81.30.107.66]: 535 Incorrect authentication data (set_id=lfc)
2025-09-29 17:01:53 no host name found for IP address 81.30.107.88
2025-09-29 17:01:55 TLS error on connection from [167.94.138.182] (gnutls_handshake): The TLS connection was non-properly terminated.
2025-09-29 17:02:03 dovecot_login authenticator failed for (localhost) [81.30.107.88]: 535 Incorrect authentication data (set_id=mmendez)
2025-09-29 17:02:14 dovecot_login authenticator failed for (localhost) [81.30.107.189]: 535 Incorrect authentication data (set_id=jcg)
2025-09-29 17:02:20 no host name found for IP address 81.30.107.195
2025-09-29 17:02:26 dovecot_login authenticator failed for (localhost) [81.30.107.195]: 535 Incorrect authentication data (set_id=contest)
2025-09-29 17:02:36 no host name found for IP address 81.30.107.182
2025-09-29 17:02:39 TLS error on connection from [162.142.125.43] (gnutls_handshake): The TLS connection was non-properly terminated.
2025-09-29 17:02:44 dovecot_login authenticator failed for (localhost) [81.30.107.182]: 535 Incorrect authentication data (set_id=test15)
2025-09-29 17:02:45 no host name found for IP address 66.132.153.129
2025-09-29 17:03:16 TLS error on connection from [66.132.153.129] (gnutls_handshake): The TLS connection was non-properly terminated.
2025-09-29 17:03:19 no host name found for IP address 213.209.157.154
2025-09-29 17:03:26 no host name found for IP address 81.30.107.58
I asked for a specific command to show certain lines from your log.
sorry here
root@server:~# exigrep '1v2ZnW-0000000CaDW-3agr' /var/log/exim4/mainlog*
2025-09-29 16:14:08 1v3KG8-00000005lwR-1b7b <= <> R=1v2ZnW-0000000CaDW-3agr U=Debian-exim P=local S=2953
2025-09-29 16:14:08 1v3KG8-00000005lwR-1b7b => admin <[email protected]> R=localuser T=local_delivery
2025-09-29 16:14:08 1v3KG8-00000005lwR-1b7b Completed
2025-09-28 20:44:04 1v31zo-000000019tK-2GZX <= <> R=1v2ZnW-0000000CaDW-3agr U=Debian-exim P=local S=2958
2025-09-28 20:44:04 1v31zo-000000019tK-2GZX => admin <[email protected]> R=localuser T=local_delivery
2025-09-28 20:44:04 1v31zo-000000019tK-2GZX Completed
+++ 1v2ZnW-0000000CaDW-3agr has not completed +++
2025-09-29 00:18:34 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 00:44:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 01:14:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 01:44:05 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 02:14:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 02:44:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 03:14:05 1v2ZnW-0000000CaDW-3agr H=mail.s16rx4.tobu-wedding.com [125.228.216.16]: mail.s16rx4.tobu-wedding.com [125.228.216.16]: No route to host
2025-09-29 03:14:05 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (113): No route to host H=mail.s16rx4.tobu-wedding.com [125.228.216.16]: mail.s16rx4.tobu-wedding.com [125.228.216.16]
2025-09-29 03:44:05 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 04:14:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 04:44:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 05:14:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 05:44:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's16rx4.tobu-wedding.com'
2025-09-29 06:14:03 1v2ZnW-0000000CaDW-3agr == [email protected] R=dnslookup T=remote_smtp defer (-54): retry:
The message ID you checked is not the same as the one in your screenshot.
As for the one you pasted, I can’t see the first lines of the SMTP conversation, most likely because the logs have already been removed by logrotate.
But if you have a lot of those messages and you didn’t send them, it’s most likely that one of your mail accounts has been compromised or one of your sites has been hacked, and spammers are using them to send those emails.
yes your right look like hacked I delete all files from public_html and change pass but again resived emails Do you have idea? Please
Last login: Tue Sep 30 09:47:41 2025 from 66.220.203.0
root@server:~# exigrep '1v2qXL-0000000G1S4-2Y5V' /var/log/exim4/mainlog*
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 <= <> R=1v2qXL-0000000G1S4-2Y5V U=Debian-exim P=local S=2937
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 => admin <[email protected]> R=localuser T=local_delivery
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 Completed
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS <= <> R=1v2qXL-0000000G1S4-2Y5V U=Debian-exim P=local S=2937
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS => admin <[email protected]> R=localuser T=local_delivery
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS Completed
+++ 1v2qXL-0000000G1S4-2Y5V has not completed +++
2025-09-30 00:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 00:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 01:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 01:44:06 1v2qXL-0000000G1S4-2Y5V == [email protected]...
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 <= <> R=1v2qXL-0000000G1S4-2Y5V U=Debian-exim P=local S=2937
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 => admin <[email protected]> R=localuser T=local_delivery
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 Completed
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS <= <> R=1v2qXL-0000000G1S4-2Y5V U=Debian-exim P=local S=2937
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS => admin <[email protected]> R=localuser T=local_delivery
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS Completed
+++ 1v2qXL-0000000G1S4-2Y5V has not completed +++
2025-09-30 00:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 00:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 01:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 01:44:06 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 02:26:08 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 02:44:26 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 03:14:05 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 03:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 04:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 04:44:05 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 05:14:07 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 05:44:06 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 06:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 06:44:06 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 07:14:05 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 07:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 07:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 08:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 08:48:37 1v2qXL-0000000G1S4-2Y5V H=mail.s1rx4.tobu-wedding.com [125.228.216.16]: mail.s1rx4.tobu-wedding.com [125.228.216.16]: No route to host
2025-09-30 08:48:37 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (113): No route to host H=mail.s1rx4.tobu-wedding.com [125.228.216.16]: mail.s1rx4.tobu-wedding.com [125.228.216.16]
2025-09-30 09:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-30 09:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 00:18:34 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 00:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
...skipping...
ny host for 's1rx4.tobu-wedding.com'
2025-09-29 12:44:05 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 13:26:01 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 13:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 14:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 14:44:06 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 15:14:06 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 15:44:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-29 16:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] 08:48:37 1v3ZmX-00000009jaf-3S99 <= <> R=1v2qXL-0000000G1S4-2Y5V U=De
bian-exim P=local S=2937
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 => admin <[email protected]>
R=localuser T=local_delivery
2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 Completed
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS <= <> R=1v2qXL-0000000G1S4-2Y5V U=De
bian-exim P=local S=2937
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS => admin <[email protected]>
R=localuser T=local_delivery
2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS Completed
+++ 1v2qXL-0000000G1S4-2Y5V has not completed +++
2025-09-30 00:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected]
-wedding.com R=dnslookup T=remote_smtp defer (-54): retry time not reached for a
ny host for 's1rx4.tobu-wedding.com'
2025-09-30 00:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected]
-wedding.com R=dnslookup T=remote_smtp defer (-54): retry time not reached for a
ny host for 's1rx4.tobu-wedding.com'
2025-09-30 01:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected]
-wedding.com R=dnslookup T=remote_smtp defer (-54): retry time not reached for a
ny host for 's1rx4.tobu-wedding.com'
2025-09-30 01:44:06 1v2qXL-0000000G1S4-2Y5V == [email protected]
...skipping...
]
2025-09-28 20:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 21:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 21:44:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 22:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 22:44:05 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 23:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 23:44:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
...skipping...
]
2025-09-28 20:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 21:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 21:44:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 22:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 22:44:05 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 23:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
2025-09-28 23:44:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
root@server:~# XL-0000000G1S4-2Y5V U=Debian-exim P=local S=2937
XL-0000000G1S4-2Y5V: command not found
root@server:~# 2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 => admin <[email protected]> R=localuser T=local_delivery
-bash: [email protected]: No such file or directory
root@server:~# 2025-09-30 08:48:37 1v3ZmX-00000009jaf-3S99 Completed
2025-09-30: command not found
root@server:~#
root@server:~# 2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS <= <> R=1v2qXL-0000000G1S4-2Y5V U=Debian-exim P=local S=2937
-bash: =: No such file or directory
root@server:~# 2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS => admin <[email protected]> R=localuser T=local_delivery
-bash: [email protected]: No such file or directory
root@server:~# 2025-09-29 20:44:04 1v3OTM-00000006ol2-1sWS Completed
2025-09-29: command not found
root@server:~#
root@server:~# +++ 1v2qXL-0000000G1S4-2Y5V has not completed +++
Command '+++' not found, did you mean:
command 'p++' from deb pcc (1.2.0~DEVEL+20220331-1)
command 'g++' from deb g++ (4:13.2.0-2ubuntu1)
command 'c++' from deb g++ (4:13.2.0-2ubuntu1)
command 'c++' from deb clang (1:17.0-58~exp1)
command 'c++' from deb pcc (1.2.0~DEVEL+20220331-1)
command 'c++' from deb pentium-builder (0.21+nmu2ubuntu1)
Try: apt install <deb name>
root@server:~# 2025-09-30 00:14:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
-bash: syntax error near unexpected token `('
root@server:~# 2025-09-30 00:44:04 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
-bash: syntax error near unexpected token `('
root@server:~# 2025-09-30 01:14:03 1v2qXL-0000000G1S4-2Y5V == [email protected] R=dnslookup T=remote_smtp defer (-54): retry time not reached for any host for 's1rx4.tobu-wedding.com'
-bash: syntax error near unexpected token `('
root@server:~# 2025-09-30 01:44:06 1v2qXL-0000000G1S4-2Y5V == v.er.b.ridg.eken.da.b
In those logs I can’t see who is sending the emails.
Could you please share the entire mainlog using a service like Pastebin or something similar?
here ho send:
[email protected]
host mail.s1rx4.tobu-wedding.com [125.228.216.16]
That’s the recipient, not the sender.
come new may by you can see here. if no help, I need reinstall VPS?
Last login: Tue Sep 30 09:53:00 2025 from 66.220.203.0
root@server:~# exigrep '1v3EmR-00000004L55-48IA' /var/log/exim4/mainlog*
2025-09-30 10:44:04 1v3baG-0000000AGp8-2pif <= <> R=1v3EmR-00000004L55-48IA U=De bian-exim P=local S=3337
2025-09-30 10:44:04 1v3baG-0000000AGp8-2pif => admin <[email protected]> R=localuser T=local_delivery
2025-09-30 10:44:04 1v3baG-0000000AGp8-2pif Completed
+++ 1v3EmR-00000004L55-48IA has not completed +++
2025-09-30 00:14:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.204. 74]: SMTP error from remote mail server after pipelined MAIL FROM:<admin@onegayp latform.com> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporar ily deferred due to unexpected volume or user complaints - 4.16.55.1; see https: //postmaster.yahooinc.com/error-codes
2025-09-30 00:14:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [98.136.96.9 1]: SMTP error from remote mail server after pipelined MAIL FROM:<admin@onegaypl atform.com> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporari ly deferred due to unexpected volume or user complaints - 4.16.55.1; see https:/ /postmaster.yahooinc.com/error-codes
2025-09-30 00:14:05 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [98.136.96.7 4]: SMTP error from remote mail server after pipelined MAIL FROM:<admin@onegaypl atform.com> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporari ly deferred due to unexpected volume or user complaints - 4.16.55.1; see https:/ /postmaster.yahooinc.com/error-codes
2025-09-30 00:14:05 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [98.136.96.7 :...skipping...
2025-09-30 10:44:04 1v3baG-0000000AGp8-2pif <= <> R=1v3EmR-00000004L55-48IA U=Debian-exim P=local S=3337
2025-09-30 10:44:04 1v3baG-0000000AGp8-2pif => admin <[email protected]> R=localuser T=local_delivery
2025-09-30 10:44:04 1v3baG-0000000AGp8-2pif Completed
+++ 1v3EmR-00000004L55-48IA has not completed +++
2025-09-30 00:14:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.204.74]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:14:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [98.136.96.91]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:14:05 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [98.136.96.74]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:14:05 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [98.136.96.76]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:14:05 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.228.94]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:14:05 1v3EmR-00000004L55-48IA == [email protected] R=dnslookup T=remote_smtp defer (-45) H=mta5.am0.yahoodns.net [67.195.228.94]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:44:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.204.72]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:44:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.228.110]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:44:05 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.204.77]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:44:05 1v3EmR-00000004L55-48IA H=mta7.am0.yahoodns.net [67.195.228.111]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:44:06 1v3EmR-00000004L55-48IA H=mta7.am0.yahoodns.net [67.195.204.73]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 00:44:06 1v3EmR-00000004L55-48IA == [email protected] R=dnslookup T=remote_smtp defer (-45) H=mta7.am0.yahoodns.net [67.195.204.73]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2025-09-30 01:14:04 1v3EmR-00000004L55-48IA H=mta5.am0.yahoodns.net [67.195.204.73]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=4907: 421 4.7.0 [TSS04] Messages from 207.231.106.164 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.y:
The mails you are receiving are for mails sent a few days ago but the logs are removed so we can’t see the start of the smtp session.
That’s because I told you to show the entire mainlog. If you reinstall and don’t know what happened… maybe a password of one of your users has been compromissed and you only need to change it..
Not Hestia related, but I have a very old foogle account. 2FA and everything is turned ON, and no unidentified login was detected. But I keep getting something similar there, almost every day after midnight. Since I am asleep I am not aware, but when I log back in, I get no details or anything like that to showcase what might have happened. Moreover, since foogle, I do not have access to such stuffs.
Sorry for speaking off-topic, but I am facing this for almost 1 week now.
I change password to all emails 2 days ago and delete all files fom public_html and datebase too. Now I delete email account [email protected] . No waite any more emails from all domains. Can I delete any queue to send email?
To view queued messages:
exim -bp
To remove all of them from queue:
exim -bp | exiqgrep -i | xargs exim -Mrm
it’s done?
Last login: Tue Sep 30 11:31:05 2025 from 66.220.203.0
root@server:~# exim -bp
4d 3.7K 1v2KWg-00000009oUF-06uw <[email protected]> (gayplatform)
[email protected]
71h 3.8K 1v2ZnW-0000000CaDW-3agr <[email protected]> (gayplatform)
[email protected]
62h 3.8K 1v2iHU-0000000EAm0-2JfZ <[email protected]> (gayplatform)
[email protected]
53h 3.8K 1v2qXL-0000000G1S4-2Y5V <[email protected]> (gayplatform)
[email protected]
51h 3.8K 1v2sFG-0000000GQSh-2rQy <[email protected]> (gayplatform)
[email protected]
44h 3.8K 1v2yfJ-00000000Nxp-2Dwi <[email protected]> (gayplatform)
[email protected]
27h 3.7K 1v3EmR-00000004L55-48IA <[email protected]> (gayplatform)
[email protected]
20h 2.1K 1v3L2d-00000005v79-3fAT <> *** frozen ***
[email protected]
19h 2.1K 1v3MQT-00000006CqF-1NOT <> *** frozen ***
[email protected]
16h 2.1K 1v3Oql-00000006vYN-0wtk <> *** frozen ***
[email protected]
5h 2.1K 1v3Zki-00000009isf-0JOk <> *** frozen ***
[email protected]
4h 2.1K 1v3aDc-00000009skz-1QF0 <> *** frozen ***
[email protected]
70m 2.9K 1v3czM-0000000AgB5-2EPt <> *** frozen ***
[email protected]
root@server:~# exim -bp | exiqgrep -i | xargs exim -Mrm
exim: malformed message id Exim after -Mrm option
Check the queue again.
exim -bp
If there is no output, everything is fine. If there is still output, please show the output of this command:
Edit to fix exim command:
exim -bp | exiqgrep -i
no clear
root@server:~# exim -bp
4d 3.7K 1v2KWg-00000009oUF-06uw <[email protected]> (gayplatform)
[email protected]
3d 3.8K 1v2ZnW-0000000CaDW-3agr <[email protected]> (gayplatform)
[email protected]
64h 3.8K 1v2iHU-0000000EAm0-2JfZ <[email protected]> (gayplatform)
[email protected]
56h 3.8K 1v2qXL-0000000G1S4-2Y5V <[email protected]> (gayplatform)
[email protected]
54h 3.8K 1v2sFG-0000000GQSh-2rQy <[email protected]> (gayplatform)
[email protected]
47h 3.8K 1v2yfJ-00000000Nxp-2Dwi <[email protected]> (gayplatform)
[email protected]
30h 3.7K 1v3EmR-00000004L55-48IA <[email protected]> (gayplatform)
[email protected]
23h 2.1K 1v3L2d-00000005v79-3fAT <> *** frozen ***
[email protected]
22h 2.1K 1v3MQT-00000006CqF-1NOT <> *** frozen ***
[email protected]
19h 2.1K 1v3Oql-00000006vYN-0wtk <> *** frozen ***
[email protected]
7h 2.1K 1v3Zki-00000009isf-0JOk <> *** frozen ***
[email protected]
7h 2.1K 1v3aDc-00000009skz-1QF0 <> *** frozen ***
[email protected]
4h 2.9K 1v3czM-0000000AgB5-2EPt <> *** frozen ***
[email protected]
root@server:~# exim -bq | exiqgrep -i
exim abandoned: unknown, malformed, or incomplete option -bq
Exim message queue display utility.
-h This help message.
-C Specify which exim.conf to use.
-E Specify exim binary to use.
Selection criteria:
-f <regexp> Match sender address sender (field is "< >" wrapped)
-r <regexp> Match recipient address
-s <regexp> Match against the size field from long output
-y <seconds> Message younger than
-o <seconds> Message older than
-z Frozen messages only (exclude non-frozen)
-x Non-frozen messages only (exclude frozen)
-G <queuename> Match in given queue only
[ NB: for regexps, provided string sits in /<string>/ ]
Display options:
-c Display match count
-l Long Format [Default]
-i Message IDs only
-b Brief Format
-R Reverse order
-a All recipients (including delivered)
My bad, it’s -bp instead of -bq
Anyway, remove all of them:
exiqgrep -i | xargs exim -Mrm
root@server:~# exim -bp
4d 3.7K 1v2KWg-00000009oUF-06uw <[email protected]> (gayplatform)
[email protected]
3d 3.8K 1v2ZnW-0000000CaDW-3agr <[email protected]> (gayplatform)
[email protected]
65h 3.8K 1v2iHU-0000000EAm0-2JfZ <[email protected]> (gayplatform)
[email protected]
56h 3.8K 1v2qXL-0000000G1S4-2Y5V <[email protected]> (gayplatform)
[email protected]
54h 3.8K 1v2sFG-0000000GQSh-2rQy <[email protected]> (gayplatform)
[email protected]
47h 3.8K 1v2yfJ-00000000Nxp-2Dwi <[email protected]> (gayplatform)
[email protected]
30h 3.7K 1v3EmR-00000004L55-48IA <[email protected]> (gayplatform)
[email protected]
23h 2.1K 1v3L2d-00000005v79-3fAT <> *** frozen ***
[email protected]
22h 2.1K 1v3MQT-00000006CqF-1NOT <> *** frozen ***
[email protected]
19h 2.1K 1v3Oql-00000006vYN-0wtk <> *** frozen ***
[email protected]
7h 2.1K 1v3Zki-00000009isf-0JOk <> *** frozen ***
[email protected]
7h 2.1K 1v3aDc-00000009skz-1QF0 <> *** frozen ***
[email protected]
4h 2.9K 1v3czM-0000000AgB5-2EPt <> *** frozen ***
[email protected]
root@server:~# exiqgrep -i | xargs exim -Mrm
exim: malformed message id Exim after -Mrm option
root@server:~#