BCC Form Spam is not logged anywhere

jerrek71

Active Member
Jul 27, 2006
42
1
158
That I can find at least :)

I have a PHP script on my server which has been used to send out lots and lots of spam to AOL. I only discovered this because Hotmail blocked me a week ago and in the course of discussion with them I discovered that my machine had sent over 600 messages per day to them.

Upon checking deeper (and looking directly at the queue files) I discover that the same script has been used to send to more like 6000 AOL e-mail addresses per day.

I've installed Mod Security now, and sorted out the erroneous script (though no doubt there will be more in the future).

But, what I do not understand is that NONE of these messages show in my MailWatch reports. If they had I may have tracked this down a lot quicker. My MailWatch reports show only messages to AOL that were legitimate.

Anyone have any idea how a message could appear in the outbound queue but not show in MailWatch?

Cheers,
Steve
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
If the email isn't logged in exim_mainlog then the script was likely sending email directly through port 25 and bypassing exim entirely.
 

jerrek71

Active Member
Jul 27, 2006
42
1
158
chirpy said:
If the email isn't logged in exim_mainlog then the script was likely sending email directly through port 25 and bypassing exim entirely.
Hi Chirpy,
That's what I would have thought to, except for a couple of things;

I have ConfigServer firewall set to block port 25 outbound except for exim, root and mailman. The script sending mail was a PHP script, owned by 'deardiar' account (using the PHP mail() command).

Also, any delayed messages DO show in the exim mail queue in cPanel, but do not show in the MailWatch statistics.

I think the messages are being logged in exim_mainlog - though there's so many it's hard to be sure. But they're definitely not being logged into the MailWatch stats.

Regards,
Steve.