Hello everyone
I have a strange problem.
Spam email is sent from my server, I closed all email ports in csf, but email was still being sent.
The more I checked, the more I noticed that emails were sent from users with rdns domain servers.
All emails are sent with Local IP (127.0.0.1).
I put the IP in the block list and the emails are rejected, but I want to know how the email is sent. Is the server hacked?
Processes are created from mailnull. No email will be sent when I stop this processing.
Code:
ps -aux |grep 'mailnull'
mailnull 1791867 1.2 0.0 84012 6312 ? Ss 12:59 0:11 /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
mailnull 2053018 0.0 0.0 86800 9764 ? S 13:13 0:00 /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
mailnull 2060185 0.0 0.0 84484 5984 ? S 13:13 0:00 /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
mailnull 2066604 0.0 0.0 87356 5984 ? S 13:13 0:00 /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
mailnull 2067195 0.0 0.0 87356 5984 ? S 13:14 0:00 /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid