Serious SPAM Help !!

PDW

I need some serious help with a SPAM issue on my server. Starting a few weeks ago the server load jumped and I saw a huge increase in the amount of SPAM being sent from the server. This is odd since I have everything installed and blocked properly. Running pop before smtp, phpsuexec etc... I have mod_sec installed, and I am tracking all of the emails.
I have checked for insecure scripts....

In fact this is on one of my own domains that I own myself.
Relaying is closed and tested.
All updates are done and running.
APF firewall up and running as well as bfd


I tracked the email logs and here is an example that I got today on this
2006-04-18 05:21:10 1FVpCf-00013R-UX <= [email protected] U=incident P=local S=4517 T="Voce recebeu um cartao" from <[email protected]> for igfreit$
2006-04-18 05:21:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1FVpCf-00013R-UX

I have changed the "Incident" Password, that does not do anything.

Any other suggestions?
 

AndyReed

PDW said:
I need some serious help with a SPAM issue on my server. Starting a few weeks ago the server load jumped and I saw a huge increase in the amount of SPAM being sent from the server. This is odd since I have everything installed and blocked properly.
Track down the script used to send out email.
 

PDW

It's not a script. There are no scripts there in that location.
 

chirpy

The following might provide more information:

grep 1FVpCf-00013R-UX /var/log/exim_mainlog

The log line does suggest that the email was sent from within the incident but locally on the server (i.e. not from an external email client).
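
One way to act on that reading of the log, as an added example that is not part of the original thread: count locally submitted messages per U= user and tally the cwd= directories of the processes that invoked Exim, skipping the -Mc lines Exim logs when it re-executes itself to deliver a message. The sample log is constructed (addresses, message ids and the /home path are made up), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in the thread; the
# addresses, message ids and /home path are made up for illustration.
SAMPLE_LOG = """\
2006-04-18 05:21:09 cwd=/home/incident/public_html/cards 3 args: /usr/sbin/sendmail -t -i
2006-04-18 05:21:10 1AAAAA-000001-AA <= nobody@host.example U=incident P=local S=4517 T="card" for a@example.net
2006-04-18 05:21:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1AAAAA-000001-AA
2006-04-18 05:21:12 cwd=/home/incident/public_html/cards 3 args: /usr/sbin/sendmail -t -i
2006-04-18 05:21:13 1AAAAA-000002-AA <= nobody@host.example U=incident P=local S=4490 T="card" for b@example.net
2006-04-18 05:21:13 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1AAAAA-000002-AA
2006-04-18 05:22:40 1AAAAA-000003-AA <= user@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2100 for c@example.net
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= \S+ (.*)$")
CWD = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (.*)$")

def local_senders(log):
    """Count messages handed to Exim by local processes, per Unix user (U=)."""
    counts = Counter()
    for line in log.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        # The subject (T=) is sender-controlled, so ignore anything after it.
        head = m.group(1).split(' T="', 1)[0]
        fields = dict(f.split("=", 1) for f in head.split() if "=" in f)
        if fields.get("P", "").startswith("local") and "U" in fields:
            counts[fields["U"]] += 1
    return counts

def submitting_dirs(log):
    """Count cwd= of processes that invoked Exim, skipping Exim's own -Mc runs."""
    counts = Counter()
    for line in log.splitlines():
        m = CWD.match(line)
        if m and "-Mc" not in m.group(2).split():
            counts[m.group(1)] += 1
    return counts

if __name__ == "__main__":
    print("local submissions by user:", dict(local_senders(SAMPLE_LOG)))
    print("invoking directories:", dict(submitting_dirs(SAMPLE_LOG)))
```

On a real server, pass the contents of /var/log/exim_mainlog to the same two functions; the cwd= lines only appear when Exim's log_selector includes +arguments.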
 