I’ve been using DirectAdmin on CentOS for 1/2 years now and have hit a sudden problem.
Yesterday I started seeing waves of “failed to deliver, return to sender” messages arrive in my email account. On investigation, thousands of emails appear to be being sent from email accounts on my server.
I’ve currently just disabled Exim to prevent these being sent out, and have cleared out the message queue.
How do I go about diagnosing where these messages are coming from? Currently when I start Exim I see no more messages arriving. I don’t see any suspicious users/connections and have changed some of the main mail account passwords (though I don’t understand how these can be sent from this domain in the first place).
I’m seeing a relay alert from LFD, is it possible they are being relayed from somewhere else? How do I prevent this?
Thanks for your help,
I’m slightly lost!
Example mail headers:
mail 8 12
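One way to answer the "where are these coming from" question is to count the accepted-message ("<=") lines in Exim's mainlog by SMTP-auth user, local Unix user and client IP: a stolen mailbox password shows up as one A= login dominating the counts, while a compromised web script shows up under the web server's U= user. The script below is an added example, not code from the original post or from DirectAdmin; it assumes the standard Exim mainlog line format and, on DirectAdmin, a log path of /var/log/exim/mainlog. The sample log lines embedded in it are constructed for the example.

```python
import re
import sys
from collections import Counter

# Constructed sample in Exim mainlog format (assumption: not taken from the poster's
# server). Three quick submissions from one authenticated account stand out.
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s3Abc-0001Xy-Zz <= alice@example.com H=(laptop) [198.51.100.10] P=esmtpsa A=login:alice@example.com S=2048 id=a1@laptop
2024-05-01 10:00:02 1s3Abd-0001Xz-A1 <= news@example.com H=(winpc) [203.0.113.5] P=esmtpa A=login:news@example.com S=900 id=b1@winpc
2024-05-01 10:00:02 1s3Abe-0001Y0-B2 <= news@example.com H=(winpc) [203.0.113.5] P=esmtpa A=login:news@example.com S=901 id=b2@winpc
2024-05-01 10:00:03 1s3Abf-0001Y1-C3 <= news@example.com H=(winpc) [203.0.113.5] P=esmtpa A=login:news@example.com S=902 id=b3@winpc
2024-05-01 10:00:05 1s3Abg-0001Y2-D4 <= www-data@host.example.com U=www-data P=local S=700 id=c1@host
2024-05-01 10:00:06 1s3Abh-0001Y3-E5 ** victim@remote.example.net R=lookuphost T=remote_smtp: SMTP error from remote mail server
"""

# An arrival line: "<date> <time> <message-id> <= <envelope-sender> <key=value fields>"
ARRIVAL_RE = re.compile(r'^\S+ \S+ (?P<msgid>\S+) <= (?P<sender>\S+)(?P<rest>.*)$')
AUTH_RE = re.compile(r'\bA=[^:\s]+:(?P<user>\S+)')     # A=<authenticator>:<login>
LOCAL_USER_RE = re.compile(r'\bU=(?P<user>\S+)')       # U=<unix user> for local submission
IP_RE = re.compile(r'\[(?P<ip>[0-9a-fA-F:.]+)\]')       # client address in H=... [ip]


def summarize(log_text):
    """Count accepted messages by SMTP-auth login, local Unix user, envelope
    sender and client IP. Delivery, bounce ('**') and deferral lines are skipped."""
    summary = {
        "total": 0,
        "by_auth_user": Counter(),
        "by_local_user": Counter(),
        "by_sender": Counter(),
        "by_ip": Counter(),
    }
    for line in log_text.splitlines():
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        summary["total"] += 1
        summary["by_sender"][m.group("sender")] += 1
        rest = m.group("rest")
        a = AUTH_RE.search(rest)
        if a:
            summary["by_auth_user"][a.group("user")] += 1
        u = LOCAL_USER_RE.search(rest)
        if u:
            summary["by_local_user"][u.group("user")] += 1
        ip = IP_RE.search(rest)
        if ip:
            summary["by_ip"][ip.group("ip")] += 1
    return summary


def top_senders(summary, key="by_auth_user", limit=5):
    """Most active keys in one of the counters, highest first."""
    return summary[key].most_common(limit)


if __name__ == "__main__":
    # Usage: python exim_arrivals.py /var/log/exim/mainlog   (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    s = summarize(text)
    print("accepted messages:", s["total"])
    for key in ("by_auth_user", "by_local_user", "by_ip", "by_sender"):
        print(key, top_senders(s, key))
```

Run it against the real mainlog and look at the top entry under each counter: a single A= login with a far larger count than everything else is the mailbox whose password needs changing, while a count under U=apache, U=www-data or a hosting account's own user points at a script on that account. The by_ip counter separates one abusing client from many, and the by_sender counter shows which addresses the bounces will come back to.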