mail list script sending out spam and crashing server big style

draggle

Registered
Oct 19, 2006
I had my account suspended by my web host because -
"mail list script sending out spam and crashing server big style"

They tell me that this was caused by some kind of hijacking of Mailman, which is installed under CPanel control. Of course they initially thought it must be me, but they did believe me when it became clear that I don't have half the knowledge to do such a thing. They have kindly un-suspended my account, but I am aware that the same thing could happen again.

They tell me I can inspect the CPanel logs to learn more about what happened.

Which log do I look at and what can I learn?

All the logs in CPanel seem to relate to web traffic rather than usage of my mailing lists.

Any help gratefully received. It's tough being a newbie.

Thanks
Drag
 

rikgarner

Well-Known Member
Mar 31, 2006
Hi Drag,
I'm afraid I'm not *terribly* familiar with Mailman, however, if the mail went through Exim, then you want to be taking a look at:

/var/log/exim_mainlog

SSH onto the server, and vi your way through the log. Depending on the level of logging enabled, it will show a varying degree of detail.

As I say, if the problem was caused by someone relaying through you (which is very bad exim config), then the exim mainlog is where it's at. If it is a PHP script exploit, then I'm afraid that someone else will need to help :)

I strongly recommend the ELS script over at servermonkeys:

http://www.servermonkeys.com/els.php

Also, if you head into "tweak settings" on your server, you can limit the number of emails a domain sends per hour. Also, under Exim Configuration Editor, "Verify the existence of email senders".
If you still have problems, I suggest hiring a server admin to tighten things down for you.

Rich :)
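
An added example, not part of either post: one way to read the log suggested above is to count message arrivals (the `<=` lines) per hour and per source, so a burst from the mailing-list user stands out from normal authenticated mail. The function names `exim_busy_sources` and `sample_log` are hypothetical, the log lines are constructed, and it is an assumption that Mailman hands mail to Exim as the local user `mailman`.

```shell
#!/usr/bin/env bash
# Count Exim arrivals ("<=" lines) per hour and source; print sources that
# reach the per-hour limit given as $1. The log is read from stdin.
exim_busy_sources() {
    awk -v limit="$1" '
    {
        at = 0    # position of "<=" (field 4, or 5 when a [pid] is logged)
        for (i = 3; i <= 5 && i <= NF; i++) if ($i == "<=") { at = i; break }
        if (!at) next                      # deliveries, errors, etc.
        src = "unknown"
        for (i = at + 2; i <= NF; i++) {
            if ($i ~ /^S=[0-9]+$/) break   # subject/recipient text follows
            if ($i ~ /^A=/) { src = "auth:" substr($i, 3); break }
            if (src != "unknown") continue
            if ($i ~ /^U=/) src = "local-user:" substr($i, 3)
            else if ($i ~ /^\[[0-9A-Fa-f.:]+\]/) src = "remote-ip:" $i
        }
        count[$1 " " substr($2, 1, 2) ":00\t" src]++
    }
    END {
        for (k in count) if (count[k] >= limit) printf "%d\t%s\n", count[k], k
    }' | sort -rn
}

# Constructed sample in the default exim_mainlog layout (not real log data).
sample_log() {
    cat <<'EOF'
2006-10-18 03:01:10 1GaAAA-0001aa-01 <= list-bounces@example.org U=mailman P=local S=2101
2006-10-18 03:01:12 1GaAAA-0001aa-01 => bob@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.7]
2006-10-18 03:02:30 1GaAAB-0001ab-02 <= list-bounces@example.org U=mailman P=local S=2101
2006-10-18 03:15:44 1GaAAC-0001ac-03 <= list-bounces@example.org U=mailman P=local S=2101
2006-10-18 03:20:05 1GaAAD-0001ad-04 <= alice@example.org H=(pc) [192.0.2.10] P=esmtpa A=fixed_login:alice S=900
2006-10-18 03:41:09 1GaAAE-0001ae-05 <= list-bounces@example.org U=mailman P=local S=2101
2006-10-18 03:50:00 1GaAAF-0001af-06 <= alice@example.org H=(pc) [192.0.2.10] P=esmtpa A=fixed_login:alice S=900
2006-10-18 04:05:00 1GaAAG-0001ag-07 <= list-bounces@example.org U=mailman P=local S=2101
EOF
}

# On the server: exim_busy_sources 100 < /var/log/exim_mainlog
sample_log | exim_busy_sources 3
```

Each output line is count, hour, source, separated by tabs. It counts arrivals only, so one message addressed to many recipients still counts once.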