There is a daily limit of 1,000 outbound emails from your dedicated/Virtual Private Server (VPS). There are several other reasons besides "standard email" that can cause you to reach this daily restriction. The following are a few things you can check:
The default Parallels Plesk Panel setting is to bounce email sent to non-existent users. This means that if your domain is coolexample.com, and someone sends an email to a non-existent user (ex: johndoe@coolexample.com), it is defaulted to send a message back saying "This user does not exist". If your domain receives a lot of incoming mail to non-existent users, the daily limit can be hit in no time.
The solution is to modify your mail preferences to reject mail sent to non-existent users.
You will need to do this for all domains on the server.
An open mail relay is a SMTP server that is configured in such a way that it allows anyone on the Internet to send email through it. You can use the tool at http://www.abuse.net/relay.html to test for an open relay. To close an open relay:
/scripts/fixrelayd
/etc/rc.d/init.d/antirelayd restart
service exim restart
For Plesk (Linux), cPanel, & Simple Control Panel, you will want to use SSH as your main means of troubleshooting. If you do not have an SSH client, you can download Putty free here. For Plesk (Windows), you will want to log in to the server using Remote Desktop. For more information on accessing your server with Remote Desktop see Accessing Your Windows Dedicated Server using Remote Desktop Connection
/usr/local/psa/var/log/maillog
(Qmail log)/var/qmail/bin/qmail-qstat
(View the amount of messages currently in your outbound queue)/var/qmail/bin/qmail-qread
(List out all messages in your outbound queue)find /var/qmail/queue -name NNNN| xargs cat | less
(Read the entire contents of an email, including headers, where NNNN is the ~8 digit ID specified on the /var/qmail/bin/qmail-qread command)/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog
/var/log/maillog
exim -bpr | grep "<" | wc -l
(View the amount of messages currently in your outbound queue)exim -bp
(List out all messages in your outbound queue)/var/log/maillog
(Postfix Log)mailq
(List out all messages in your outbound queue)postcat -q $mailq_message_number | more
(Read the contents of an email in your outbound queue)Your mail logs may also detail vulnerabilities in any scripts that you have installed that send mail. Injection attacks are common against scripts that do not check header data. A trend that indicates an injection attack is a large number of addresses in the BCC field of emails in your queue.
On cPanel servers, make sure you have :fail:
instead of :blackhole:
for your Exim mail settings. An article at http://www.configserver.com/free/fail.html details the differences between the two settings.
To set the default mail behavior to :fail:
, you will want to execute the following command through SSH:
If your domains are set to :fail:
, and your logs still show suspicious traffic that leads to continuous relay usage, then you most likely have problems with the Exim Callout system.
By default, exim.conf is set to use callouts to verify the existence of email senders. This means that every time an email is sent to your server from a new address, Exim connects to the relay server during the RCPT callout command. This places an entry into the Exim "mainlog" and uses a SMTP relay.
You can disable this feature by following these steps: