emergency, need to disallow [email protected] sends

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Got kind of an emergency here. We've got some kind of mailer scripts broadcasting spam with [email protected] (of course Our "servername") in the reply-to/return-path.

How can I set up exim to where nobody@ sends are disallowed?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
jols said:
Got kind of an emergency here. We've got some kind of mailer scripts broadcasting spam with [email protected] (of course Our "servername") in the reply-to/return-path.

How can I set up exim to where nobody@ sends are disallowed?
There are cases where spammers still can send out their SPAM despite the fact that Phpsuexec and suexec are enabled. Finding the culprit and either suspending or deleting them is the best solution. That's what we did with several clients of ours with the same problem.
 

jols

I've selected Prevent the user 'nobody' from sending out... but the nobody@ email is still being queued. Is this normal?
 

jols

I've also included log_selector = +all in the Exim config, but I'll be danged if I can find how this spam is being sent through our server. In the past it has been the result of some php or pl or cgi emailer.

Does anyone have any tips on how to track this one down?
 

AndyReed

jols said:
I've also included log_selector = +all in the Exim config, but I'll be danged if I can find how this spam is being sent through our server. In the past it has been the result of some php or pl or cgi emailer.
Still is. A spammer is using one of the scripts on your server to deliver their SPAM.

Does anyone have any tips on how to track this one down?
It could be more than just one.
 

jols

Granted. But the question about how to track this down remains. Any tricks you could offer?
 

MattGetWeb

Well-Known Member
Aug 4, 2005
49
0
156
grep '"POST ' /usr/local/apache/domlogs/*

Look for something getting hit a lot. Most contactus/feedback forms will have a few hits a day. When it is getting hit every few minutes..
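
The grep above prints every POST line; to see which script is "getting hit a lot", the hits can be counted per domain log and path. This is an added example, not part of the original post: the function names, domains, script names and log lines are constructed, and it assumes Apache common/combined log format.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): rank POSTed paths per domain log.

# top_post_targets FILE... -> lines of "COUNT LOGFILE PATH", busiest first.
top_post_targets() {
    awk '
        BEGIN { FS = "\"" }              # field 2 is the request line
        {
            split($2, req, " ")          # METHOD PATH PROTOCOL
            if (req[1] != "POST") next
            path = req[2]
            sub(/\?.*/, "", path)        # drop query string so hits aggregate
            n = split(FILENAME, dir, "/")
            hits[dir[n] " " path]++      # key: log file name + script path
        }
        END { for (k in hits) print hits[k], k }
    ' "$@" | sort -k1,1nr -k2,3
}

# Constructed sample logs (hypothetical domains and script names).
write_sample_logs() {
    mkdir -p "$1"
    cat > "$1/example.com" <<'EOF'
192.0.2.10 - - [01/Sep/2005:10:00:01 -0500] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [01/Sep/2005:10:02:14 -0500] "POST /contact.php HTTP/1.1" 200 311
EOF
    cat > "$1/example.net" <<'EOF'
203.0.113.7 - - [01/Sep/2005:10:00:03 -0500] "POST /cgi-bin/mailer.pl HTTP/1.0" 200 87
203.0.113.7 - - [01/Sep/2005:10:00:09 -0500] "POST /cgi-bin/mailer.pl?x=1 HTTP/1.0" 200 87
198.51.100.4 - - [01/Sep/2005:10:00:15 -0500] "POST /cgi-bin/mailer.pl HTTP/1.0" 200 87
203.0.113.7 - - [01/Sep/2005:10:00:21 -0500] "POST /cgi-bin/mailer.pl HTTP/1.0" 200 87
198.51.100.4 - - [01/Sep/2005:10:05:40 -0500] "GET /cgi-bin/mailer.pl HTTP/1.0" 200 87
EOF
}

# Demo on the constructed logs; the busiest POST target is listed first.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
top_post_targets "$demo_dir"/*
rm -rf "$demo_dir"
```

On the server itself the same function would be pointed at the path from the post, e.g. `top_post_targets /usr/local/apache/domlogs/* | head`; the log file name at the top of the list identifies the domain whose script to inspect.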