BCC Form Spam is not logged anywhere

jerrek71

That I can find at least :)

I have a PHP script on my server which has been used to send out lots and lots of spam to AOL. I only discovered this because Hotmail blocked me a week ago and in the course of discussion with them I discovered that my machine had sent over 600 messages per day to them.

Upon checking deeper (and looking directly at the queue files) I discovered that the same script has been used to send to more like 6000 AOL e-mail addresses per day.

I've installed Mod Security now, and sorted out the erroneous script (though no doubt there will be more in the future).

But, what I do not understand is that NONE of these messages show in my MailWatch reports. If they had I may have tracked this down a lot quicker. My MailWatch reports show only messages to AOL that were legitimate.

Anyone have any idea how a message could appear in the outbound queue but not show in MailWatch?

Cheers,
Steve
 

chirpy

If the email isn't logged in exim_mainlog then the script was likely sending email directly through port 25 and bypassing exim entirely.
 

jerrek71

chirpy said:
If the email isn't logged in exim_mainlog then the script was likely sending email directly through port 25 and bypassing exim entirely.

Hi Chirpy,
That's what I would have thought too, except for a couple of things:

I have ConfigServer firewall set to block port 25 outbound except for exim, root and mailman. The script sending mail was a PHP script, owned by 'deardiar' account (using the PHP mail() command).

Also, any delayed messages DO show in the exim mail queue in cPanel, but do not show in the MailWatch statistics.

I think the messages are being logged in exim_mainlog - though there's so many it's hard to be sure. But they're definitely not being logged into the MailWatch stats.

Regards,
Steve.
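
An added example, not part of the thread and not code from either poster: a Python script that walks exim_mainlog text and counts, per day and local user, the distinct recipients of messages that were submitted locally (`P=local`, which is how PHP mail() reaches Exim through the sendmail binary). The sample log lines are constructed, and the function name and the default Exim main-log line layout are assumptions.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log layout (not taken from the thread).
SAMPLE_LOG = """\
2006-08-01 09:14:02 1G7aBc-0001Xy-2D <= deardiar@host.example.com U=deardiar P=local S=1843
2006-08-01 09:14:03 1G7aBc-0001Xy-2D => a1@aol.com R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2006-08-01 09:14:03 1G7aBc-0001Xy-2D -> a2@aol.com R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2006-08-01 09:14:04 1G7aBc-0001Xy-2D == a3@aol.com R=lookuphost T=remote_smtp defer (-44): SMTP error
2006-08-01 09:44:04 1G7aBc-0001Xy-2D == a3@aol.com R=lookuphost T=remote_smtp defer (-44): SMTP error
2006-08-01 09:20:10 1G7aGh-0001Zz-7Q <= steve@example.org H=(pc) [192.0.2.55] P=esmtpa A=fixed_login:steve S=2210
2006-08-01 09:20:11 1G7aGh-0001Zz-7Q => friend@aol.com R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2006-08-01 09:20:11 1G7aGh-0001Zz-7Q Completed
"""

# date, time, message id, flag (<= arrival, => / -> delivery, == deferral, ** failure), address
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\S+) (<=|=>|->|==|\*\*) (\S+)(.*)$"
)
LOCAL_USER = re.compile(r"\bU=(\S+)")      # Unix user that ran the sendmail binary
LOCAL_PROTO = re.compile(r"P=local(?:\s|$)")  # non-SMTP local submission only


def local_submission_report(log_text):
    """Return {(date, user): Counter(recipient_domain -> distinct recipients)}."""
    owner = {}   # message id -> (arrival date, local user)
    seen = set() # (message id, recipient), so queue retries are counted once
    report = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other informational lines
        date, msgid, flag, addr, rest = m.groups()
        if flag == "<=":
            user = LOCAL_USER.search(rest)
            if user and LOCAL_PROTO.search(rest):
                owner[msgid] = (date, user.group(1))
            continue
        if msgid not in owner or (msgid, addr) in seen:
            continue  # SMTP-submitted mail, or a repeat attempt
        seen.add((msgid, addr))
        domain = addr.rpartition("@")[2].lower()
        report.setdefault(owner[msgid], Counter())[domain] += 1
    return report


if __name__ == "__main__":
    for (day, user), domains in sorted(local_submission_report(SAMPLE_LOG).items()):
        print(day, user, dict(domains))
```

Under mod_php the `U=` field is the web server user (for example `nobody`) rather than the account owner, so the per-user grouping is only as specific as the PHP handler allows.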