
Exim Compromised

Discussion in 'E-mail Discussions' started by wrsenter, Aug 21, 2008.

  1. wrsenter

    All of a sudden, I can't receive email using Outlook. I was looking in the exim_mainlog and I see this repeating over and over. The email address near the bottom is mine and it appears that it is being used to pump out spam. I would assume that the CSF (Firewall/Scanner) app is catching it and blocking. Does anyone know how to address a problem like this? Any help appreciated.

    2008-08-21 22:37:46 H=fm5.miltnews.com [64.127.121.15] Warning: Sender rate 0.0 / 1h
    2008-08-21 22:37:47 1KWNT8-0006FB-Am <= newsltr@miltnews.com H=fm5.miltnews.com [64.127.121.15] P=esmtp S=44879 id=20080822033807.59FED16CE598FA@fm5.miltnews.com T="10 Secrets Banks Won't Tell You"
    2008-08-21 22:37:47 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KWNT8-0006FB-Am
    2008-08-21 22:37:47 1KWNT8-0006FB-Am => webmaster <webmaster@codeone.biz> R=virtual_user T=virtual_userdelivery
    2008-08-21 22:37:47 1KWNT8-0006FB-Am Completed
     
  2. MaestriaNick

    This says that the mail sent from newsltr@miltnews.com (originally from server 64.127.121.15) was successfully delivered to webmaster@codeone.biz. So, it does not appear that the firewall is blocking it. To stop that spamming, you can add firewall rules to block mail from that IP, 64.127.121.15.
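
The reading of the log given in the reply above can be checked mechanically. The following is an added example, not part of the thread: it groups Exim main-log lines by message ID and separates mail received from a remote host from mail originated on the server and relayed out. The function names, the last two sample lines and the `A=login:` authenticator name are constructed for illustration.

```python
import re

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(rf"^\S+ \S+ (?P<id>{MSG_ID}) (?P<flag><=|=>|->) (?P<rest>.*)$")

# First five lines: the log quoted in the first post. Last two: constructed
# for contrast (authenticated submission relayed to a remote host).
SAMPLE_LOG = """\
2008-08-21 22:37:46 H=fm5.miltnews.com [64.127.121.15] Warning: Sender rate 0.0 / 1h
2008-08-21 22:37:47 1KWNT8-0006FB-Am <= newsltr@miltnews.com H=fm5.miltnews.com [64.127.121.15] P=esmtp S=44879 id=20080822033807.59FED16CE598FA@fm5.miltnews.com T="10 Secrets Banks Won't Tell You"
2008-08-21 22:37:47 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KWNT8-0006FB-Am
2008-08-21 22:37:47 1KWNT8-0006FB-Am => webmaster <webmaster@codeone.biz> R=virtual_user T=virtual_userdelivery
2008-08-21 22:37:47 1KWNT8-0006FB-Am Completed
2008-08-21 22:40:01 1KWNVJ-0006Gh-2x <= user@example.com H=(client) [192.0.2.10] P=esmtpa A=login:user@example.com S=1200
2008-08-21 22:40:02 1KWNVJ-0006Gh-2x => someone@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.5]
"""

def field(rest, name):
    """Return the value of a NAME=value log field, or None if absent."""
    m = re.search(rf"(?:^|\s){name}=(\S+)", rest)
    return m.group(1) if m else None

def summarize(log_text):
    """Group arrival (<=) and delivery (=>, ->) lines by Exim message ID."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # rate warnings, cwd= lines and "Completed" carry no flag
        # Drop the quoted subject so sender-controlled text cannot fake a field.
        rest = re.sub(r' T=".*"', "", m["rest"])
        rec = msgs.setdefault(m["id"], {"sender": None, "origin": "unknown", "deliveries": []})
        if m["flag"] == "<=":
            rec["sender"] = (rest.split() or [None])[0]
            if field(rest, "P") == "local":
                rec["origin"] = "local-submission"    # script or shell user on this server
            elif field(rest, "A"):
                rec["origin"] = "authenticated-smtp"  # mailbox credentials were used
            elif field(rest, "H"):
                rec["origin"] = "remote-inbound"      # another server handed it to us
        else:
            to = re.match(r"(\S+)(?: <([^>]+)>)?", rest)
            kind = "remote" if field(rest, "H") else "local"  # remote deliveries log H=
            rec["deliveries"].append((to.group(2) or to.group(1), kind))
    return msgs

def sent_from_here(rec):
    """True when this server originated the message and relayed it outward."""
    started_here = rec["origin"] in ("local-submission", "authenticated-smtp")
    return started_here and any(kind == "remote" for _, kind in rec["deliveries"])
```

For the message in the first post, `summarize` reports a `remote-inbound` origin with a single local delivery, so `sent_from_here` is false; the constructed pair shows the pattern that would indicate mail leaving the server under an account's credentials.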
     
  3. AndyReed

    Do you have SpamAssassin (SA) or any other SPAM application installed on your server? If yes, is your SPAM agent configured properly and did you enable it on your account?

    Assuming your cPanel is v11.x, go to:
    http://www.cpanel.net/support/docs/11/whm/service_config_exim.html
    http://www.cpanel.net/support/docs/11/whm/service_config_exim_editor.html
     