Significant increase of outgoing connections

Hello guys, I received this from the provider:

We have noticed a significant increase of outgoing connections from your server with IP 0.0.0.0 (Hostname). The level of SMTP traffic on port 25/tcp is unusually high and at this pace you will hit the limit soon and all connections on this port will be blocked until the next day.

Is there any chance to find out which domain it is? I set an hourly limit (5-7) for all domains but still receive that. What can I do in this case?

Check /var/log/exim4/mainlog

Thank you very much eris :ok_hand:

eris, in this log there is a mail ([email protected]) that the user didn’t create and that is also not on the panel, so how was this email created? Is it hacked?

WordPress? Any other software that mails?

Only WP. I checked, and only created mails are referenced there. Is there a chance that everything is sent from the background?

2024-10-21 16:49:08 1t2EF2-006qVV-Lv Message is frozen
2024-10-21 16:49:09 1t1wCg-005qRW-66 == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for 'videotron.ca'
2024-10-21 16:49:10 1t2bK4-008Wy2-KM H=mta5.am0.yahoodns.net [67.195.228.94]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2109: 421 4.7.0 [TSS04] Messages from 0.0.0.0 (my ip) temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2024-10-21 16:49:11 1t2bK4-008Wy2-KM H=mta5.am0.yahoodns.net [98.136.96.74]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2109: 421 4.7.0 [TSS04] Messages from 0.0.0.0 (my ip) temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2024-10-21 16:49:12 1t2bK4-008Wy2-KM H=mta5.am0.yahoodns.net [67.195.204.72]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2109: 421 4.7.0 [TSS04] Messages from 0.0.0.0 (my ip) temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2024-10-21 16:49:13 1t2bK4-008Wy2-KM H=mta7.am0.yahoodns.net [67.195.228.106]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2109: 421 4.7.0 [TSS04] Messages from 0.0.0.0 (my ip) temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2024-10-21 16:49:14 1t2bK4-008Wy2-KM H=mta7.am0.yahoodns.net [67.195.204.79]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2109: 421 4.7.0 [TSS04] Messages from 0.0.0.0 (my ip) temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2024-10-21 16:49:14 1t2bK4-008Wy2-KM == [email protected] R=dnslookup T=remote_smtp defer (-45) H=mta7.am0.yahoodns.net [67.195.204.79]: SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2109: 421 4.7.0 [TSS04] Messages from 0.0.0.0 (my ip) temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes
2024-10-21 16:49:14 1t2EFs-006qiD-MP Message is frozen

Take a look at this post.

If you want to view the headers for a queued message (I’ll use 1t2bK4-008Wy2-KM as an example):

exim4 -Mvh 1t2bK4-008Wy2-KM

To view the body:

exim4 -Mvb 1t2bK4-008Wy2-KM

Check if all your mail domains have an admin user or alias:

grep -ri admin /home/*/conf/mail/*/{aliases,accounts}
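Added example, not part of any post in this thread: a way to answer "which domain is that?" from the mainlog itself, by counting arrival (`<=`) lines per envelope sender and submission source, and by attributing remote deferrals back to the sender through the message ID. It assumes the default Exim log layout (no `+pid` selector); the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise who is submitting mail according to an Exim mainlog.
# Assumed layout: date time msgid flag address ...   (default log_selector)

top_senders() {
    # $1 = mainlog path. Prints "count sender source", busiest first.
    # U= is the local Unix user (e.g. PHP mail() from a web app),
    # A= is the SMTP authenticator and login that was used.
    awk '$4 == "<=" {
            src = "unknown"
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^A=/) { src = $i; break }   # authenticated SMTP login
                if ($i ~ /^U=/) { src = $i }          # local submission
            }
            n[$5 " " src]++
         }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2
}

deferred_by_sender() {
    # Counts "==" defer lines per envelope sender, joined on the message ID.
    awk '$4 == "<=" { from[$3] = $5 }
         $4 == "==" && /defer/ { d[$3]++ }
         END { for (id in d) s[(id in from) ? from[id] : "(arrival not in this log)"] += d[id]
               for (k in s) print s[k], k }' "$1" | sort -k1,1nr -k2
}

sample_log() {   # constructed sample lines, not taken from the thread
cat <<'EOF'
2024-10-21 16:40:01 1aaaaa-000001-AA <= info@shop.example U=alice P=local S=2109
2024-10-21 16:40:02 1aaaaa-000002-AA <= info@shop.example U=alice P=local S=2110
2024-10-21 16:40:03 1aaaaa-000003-AA <= bob@blog.example H=(pc) [203.0.113.9] P=esmtpsa A=dovecot_login:bob@blog.example S=900
2024-10-21 16:41:00 1aaaaa-000001-AA == a@remote.example R=dnslookup T=remote_smtp defer (-45) H=mx.remote.example [198.51.100.7]: 421 4.7.0 deferred
2024-10-21 16:41:05 1aaaaa-000002-AA == b@remote.example R=dnslookup T=remote_smtp defer (-45) H=mx.remote.example [198.51.100.7]: 421 4.7.0 deferred
2024-10-21 16:41:09 1aaaaa-000003-AA => c@remote.example R=dnslookup T=remote_smtp H=mx.remote.example [198.51.100.7] C="250 OK"
2024-10-21 16:41:10 1aaaaa-000004-AA Message is frozen
EOF
}

# Demo on the constructed sample; on a real server pass /var/log/exim4/mainlog.
tmp=$(mktemp); sample_log > "$tmp"
top_senders "$tmp"
deferred_by_sender "$tmp"
rm -f "$tmp"
```

A `U=` source points at the system account whose web application is generating the mail, while an `A=` source points at a mailbox whose credentials are being used over SMTP.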

Thank you @sahsanu
