Mail queue size limit of 1000 exceeded Problem

Please I need your help. The regular server admin is unavailable and I have to resolve this issue asap.

Over the last week, I have been getting Mail queue size limit of 1000 exceeded notifications on my server. I checked the mail queue and noticed 2 separate email addresses are spamming my server with 3000-4500 messages at a time. These email addresses belong to domains that are not hosted on my server; as a matter of fact, one is a Norton.com address and the other is Gmail.

Can anyone please walk me through investigating what domain on my server is being used and blocking these from happening? I keep having to purge all the messages once I get the notifications but would like to change the password for whatever domain is being used to access this.

Hi hj2la96

Welcome to the InterWorx forums

I am not too sure if you have full server access, which you will need to address your issue, if I am correct in my thinking of what your issue is

I am thinking your server has been infected

I would firstly set the mail service to not autorestart if stopped

If you do not have details of one of the emails, then you will have to wait until it happens again, and then ssh into server, change to root user or sudo service send stop

Then login to nodeworx, system services, mail server, queue, and view one of the emails, which will tell you the form used to send it

You then run from ssh, and use find / -type f -name filename.ext

This should find the file and you can delete it

Also, if you run top, I wonder if you’ll see a lot of perl being used by one or more of your siteworx accounts, if so, these are the perl scripts the infection is using, so run killall -9 perl to stop them

I do not believe it is email being sent through your server by normal email but by a mail form on your hosting, given what you’ve posted.

So

Do you have full root access to server

Have you installed rkhunter

Have you installed maldet

Have you installed BFD

Is your server updated to the latest updates for your distro

Have you stopped direct root access by ssh login

If you want to post the email detail, that would help but if it is what I think it is, you may not be able to fully clean the server, and therefore your only real option if I am correct, would be a full clean install from a trusted source

I hope that helps and sorry if I am wrong

Many thanks

John
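The queue inspection step described in the reply above, as an added example that is not part of the original posts: it tallies queued messages by how they entered the queue, so the script or account behind most of them stands out. It assumes a qmail-based mail server and that PHP's mail.add_x_header setting is on. The sample messages, UIDs and file names are constructed.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample queue entries (not from the thread); reserved example domains.
SAMPLE_QUEUE = [
    "Received: (qmail 4312 invoked by uid 48); 1 Jan 2024 10:00:01 -0000\n"
    "X-PHP-Originating-Script: 1003:contact.php\n"
    "From: user@example.com\nTo: a@example.net\nSubject: offer\n\nbody\n",
    "Received: (qmail 4313 invoked by uid 48); 1 Jan 2024 10:00:02 -0000\n"
    "X-PHP-Originating-Script: 1003:contact.php\n"
    "From: user@example.com\nTo: b@example.net\nSubject: offer\n\nbody\n",
    "Received: (qmail 5001 invoked by uid 48); 1 Jan 2024 10:05:00 -0000\n"
    "From: user@example.com\nTo: c@example.net\nSubject: offer\n\nbody\n",
    "Received: (qmail 5100 invoked from network); 1 Jan 2024 10:06:00 -0000\n"
    "Received: from unknown (HELO mail.example.org) (192.0.2.10)\n"
    "From: d@example.org\nTo: e@example.com\nSubject: hello\n\nbody\n",
]

# qmail records how each message entered the queue in its own Received line.
QMAIL_RE = re.compile(
    r"\(qmail \d+ invoked (by uid (\d+)|from network|by alias|for bounce)\)")

def classify(raw):
    """Return (kind, detail) describing how one message entered the queue."""
    msg = message_from_string(raw)
    script = msg.get("X-PHP-Originating-Script")
    if script:
        # PHP writes "<uid>:<script file name>" when mail.add_x_header is on.
        uid, _, name = script.partition(":")
        return ("php-script", f"uid={uid.strip()} file={name.strip()}")
    # Headers are prepended, so the first qmail match is this server's own line.
    for line in msg.get_all("Received") or []:
        m = QMAIL_RE.search(line)
        if m:
            if m.group(2):
                # Injected locally by a process running as this uid (no PHP header).
                return ("local-uid", f"uid={m.group(2)}")
            return ("qmail", m.group(1))
    return ("unknown", "")

def summarize(queue):
    """Count messages per origin, most frequent first."""
    return Counter(classify(raw) for raw in queue).most_common()

if __name__ == "__main__":
    for (kind, detail), count in summarize(SAMPLE_QUEUE):
        print(f"{count:5d}  {kind:11s} {detail}")
```

A php-script result gives the file name to pass to the find command mentioned in the reply; a local-uid result with no PHP header points at a non-PHP process running as that user.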

Thank you for responding John.

Unfortunately I only have access to InterWorx. But I will wait until it happens today and post the contents of an email.

Thank you