My ConfigServerFirewall (CSF) reported:

SUBJECT: lfd on vps: Excessive processes running under user postfix

BODY:
User:postfix PID:12215 PPID:19550 Run Time:139(secs) Memory:81524(kb) exe:/usr/libexec/postfix/cleanup cmd:cleanup -z -t unix -u
User:postfix PID:12217 PPID:19550 Run Time:139(secs) Memory:81416(kb) exe:/usr/libexec/postfix/bounce cmd:bounce -z -n defer -t unix -u
User:postfix PID:12293 PPID:19550 Run Time:43(secs) Memory:81584(kb) exe:/usr/libexec/postfix/trivial-rewrite cmd:trivial-rewrite -n rewrite -t unix -u
User:postfix PID:12294 PPID:19550 Run Time:43(secs) Memory:81620(kb) exe:/usr/libexec/postfix/proxymap cmd:proxymap -t unix -u
User:postfix PID:12302 PPID:19550 Run Time:43(secs) Memory:81416(kb) exe:/usr/libexec/postfix/bounce cmd:bounce -z -n defer -t unix -u
User:postfix PID:12303 PPID:19550 Run Time:43(secs) Memory:81416(kb) exe:/usr/libexec/postfix/bounce cmd:bounce -z -n defer -t unix -u

word "defer" says to me that there is an issue with undelivered (deferred) emails. so i checked /var/spool directory size:

# cd /var/spool
# du -h --max-depth=2

4.0K ./mail
4.0K ./mqueue
4.0K ./lpd
4.0K ./samba
4.0K ./postfix/hold
4.0K ./postfix/trace
4.0K ./postfix/active
4.0K ./postfix/private
4.0K ./postfix/bounce
4.0K ./postfix/incoming
4.0K ./postfix/corrupt
4.0K ./postfix/flush
8.0K ./postfix/pid
3.4M ./postfix/deferred
3.1M ./postfix/defer
4.0K ./postfix/maildrop
4.0K ./postfix/public
4.0K ./postfix/saved
6.5M ./postfix
4.0K ./vacation
4.0K ./at/spool
12K ./at
2.2M ./clientmqueue
8.0K ./cron
8.7M .
so the defer folders appears to be suspiciously large.

# cd ./postfix/deferred; ls -lht


total 64K
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 3
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 8
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 9
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 F
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 5
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 A
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 0
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 4
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 B
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 C
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 2
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 E
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 D
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 1
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 6
drwx------ 2 postfix postfix 4.0K Jan 3 05:49 7
I tried to find email files recently modiffied so i see what are these emails about:

# find . -type f -mmin 1


./7/72FBB22A1BF4
./A/ACBF022A1B39
./4/4CDF822A1BDB
see the content of one file:
# cat ./7/72FBB22A1BF4

it shown an email which is sent by the bash script that im running on cronjob. This script output is being sent to some root email which do not exist, so i edited my cronjob command to be like: */3 * * * * /path/to/script.sh > /dev/null
/dev/null part will be mutting all script output (except errors) so no emails are sent out because nothing is outputted.

Also another approach solving this postfix defer issue can be defining default cronjob mail address so above mentioned Linux mails go there and are not deferred. So i also editted my cronjob:

# crontab -e

and to the first line i add:
[email protected]

Another ways to find why there is alot of exim processes:

0) Check /var/log/exim_mainlog
1) When having WHM/cpanel, one can take a look into: Home »Email »View Mail Statistics Summary to see which account sends many emails.
2) Use Linux command to show top directories that sends out most email: http://internetlifeforum.com/mailser...w-top-mailers/