Preventing 127.0.0.1/localhost spamming via exim

optize

This doesn't happen very often, but when it does happen it creates quite a mess...

Someone will use jailshell/ssh to log in and tunnel in spam via localhost. Since it doesn't come in via apache/php/litespeed/whatever, it's not being tracked to their account.

CSF does detect the outbound spam, but has no way of stopping it, unless I'm missing something:

--
Time: Mon Apr 9 06:16:54 2012 -0700
Type: LOCALHOSTRELAY, localhost - 127.0.0.1
Count: 150 emails relayed
Blocked: No

Sample of the first 10 emails:

2012-04-09 06:16:51 [217979] 1SHESg-000uhn-4d <= [email protected] H=localhost.localdomain (User) [127.0.0.1]:51686 I=[127.0.0.1]:25 P=smtp S=1935 T="Read This And Get Back To Me Please" from <[email protected]> for [email protected],[email protected],etc..
--

There has to be a way to either track this to the account, so the max exim emails per hour restriction will take effect, or a way to not allow this kind of relaying, without breaking web scripts, etc.

I can't be the only one that has run into this issue...
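
Added example, not part of the original post and not CSF's or cPanel's code: a Python sketch that parses exim arrival (`<=`) lines in the format quoted above and flags those accepted from loopback over SMTP with no `A=` authenticator field, which is the case the log cannot tie to an account. The sample log lines, addresses and function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the exim mainlog format quoted in the post; every
# address, message id and subject here is made up for the example.
SAMPLE_LOG = """\
2012-04-09 06:16:51 [217979] 1SHESg-000uhn-4d <= sender@example.com H=localhost.localdomain (User) [127.0.0.1]:51686 I=[127.0.0.1]:25 P=smtp S=1935 T="Read This" for a@example.net b@example.net
2012-04-09 06:16:52 [217980] 1SHESh-000uho-5e <= sender@example.com H=localhost.localdomain (User) [127.0.0.1]:51687 I=[127.0.0.1]:25 P=smtp S=1940 T="Read This" for c@example.net
2012-04-09 06:17:03 [217990] 1SHESs-000uhz-6f <= app@example.org H=localhost (web) [127.0.0.1]:51700 I=[127.0.0.1]:25 P=esmtpa A=dovecot_login:app@example.org S=812 T="Order for you" for d@example.net
2012-04-09 06:17:10 [218001] 1SHESz-000ui1-7g <= user@example.org U=user P=local S=700 T="Form" for e@example.net
"""

ARRIVAL = re.compile(r'^(\S+) (\S+) (?:\[\d+\] )?(\S+) <= (\S+) (.*)$')
SUBJECT = re.compile(r'T="(?:[^"\\]|\\.)*"')         # removed first: may contain " for "
SRC_IP = re.compile(r'(?<!I=)\[([0-9A-Fa-f.:]+)\]')  # remote host, not the I= interface
LOOPBACK = {"127.0.0.1", "::1"}

def field(name, text):
    m = re.search(r'(?:^|\s)' + name + r'=(\S+)', text)
    return m.group(1) if m else None

def parse_arrival(line):
    m = ARRIVAL.match(line)
    if not m:
        return None
    date, time, msgid, sender, rest = m.groups()
    head, _, rcpts = SUBJECT.sub("", rest).partition(" for ")
    src = SRC_IP.search(head)
    return {"date": date, "time": time, "msgid": msgid, "sender": sender,
            "src": src.group(1) if src else None,
            "proto": field("P", head) or "", "auth": field("A", head),
            "rcpts": [r for r in re.split(r"[,\s]+", rcpts) if r]}

def unattributed_loopback(log_text):
    """Arrivals accepted from loopback over SMTP that carry no A= authenticator."""
    recs = (parse_arrival(l) for l in log_text.splitlines())
    return [r for r in recs if r and r["src"] in LOOPBACK
            and r["proto"].startswith(("smtp", "esmtp")) and r["auth"] is None]

def relayed_per_minute(hits):
    """Recipient count per (date, HH:MM) bucket, for rate alerting."""
    counts = Counter()
    for r in hits:
        counts[(r["date"], r["time"][:5])] += len(r["rcpts"])
    return counts

if __name__ == "__main__":
    for bucket, n in relayed_per_minute(unattributed_loopback(SAMPLE_LOG)).items():
        print(bucket, n)
```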
 

mephisto

We have the same problem. 11.32 doesn't seem to have it fixed. Any ideas? Maybe someone from cPanel team can respond?
 

cPanelTristan

Quality Assurance Analyst
Staff member