This doesn't happen very often, but when it does happen it creates quite a mess...
Someone will use jailshell/ssh to log in and tunnel in spam via localhost. Since it doesn't come in via apache/php/litespeed/whatever, it's not being tracked to their account.
CSF does detect the outbound spam, but has no ways of stopping it, unless I'm missing something:
--
Time: Mon Apr 9 06:16:54 2012 -0700
Type: LOCALHOSTRELAY, localhost - 127.0.0.1
Count: 150 emails relayed
Blocked: No
Sample of the first 10 emails:
2012-04-09 06:16:51 [217979] 1SHESg-000uhn-4d <= [email protected] H=localhost.localdomain (User) [127.0.0.1]:51686 I=[127.0.0.1]:25 P=smtp S=1935 T="Read This And Get Back To Me Please" from <[email protected]> for [email protected],[email protected],etc..
--
There has to be a way to either track to this to the account, so the max exim emails per hour restriction will take effect, or a way to not allow this kind of relaying, without breaking web scripts, etc.
I can't be the only one that has ran into this issue...
Someone will use jailshell/ssh to log in and tunnel in spam via localhost. Since it doesn't come in via apache/php/litespeed/whatever, it's not being tracked to their account.
CSF does detect the outbound spam, but has no ways of stopping it, unless I'm missing something:
--
Time: Mon Apr 9 06:16:54 2012 -0700
Type: LOCALHOSTRELAY, localhost - 127.0.0.1
Count: 150 emails relayed
Blocked: No
Sample of the first 10 emails:
2012-04-09 06:16:51 [217979] 1SHESg-000uhn-4d <= [email protected] H=localhost.localdomain (User) [127.0.0.1]:51686 I=[127.0.0.1]:25 P=smtp S=1935 T="Read This And Get Back To Me Please" from <[email protected]> for [email protected],[email protected],etc..
--
There has to be a way to either track to this to the account, so the max exim emails per hour restriction will take effect, or a way to not allow this kind of relaying, without breaking web scripts, etc.
I can't be the only one that has ran into this issue...
