Someone able to send out emails from a domain on my server using a fake email

Apexity

I thought I had secured this a while ago, but that was a formmail (BCC) hack. Now this

Any help on what to shut down?

Looking in mail queue shows:
___________________________________________________________

1DM6Vc-0005Q0-Jp-H
mailnull 47 12
<>
1113493440 0
-ident mailnull
-received_protocol local
-body_linecount 950
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1113493441
-localerror
XX
1
[email protected]

150P Received: from mailnull by myservername.com with local (Exim 4.43)
id 1DM6Vc-0005Q0-Jp
for [email protected]; Thu, 14 Apr 2005 11:44:00 -0400
040 X-Failed-Recipients: [email protected]
031 Auto-Submitted: auto-generated
063F From: Mail Delivery System <[email protected]>
025T To: [email protected]
059 Subject: Mail delivery failed: returning message to sender
052I Message-Id: <[email protected]>
038 Date: Thu, 14 Apr 2005 11:44:00 -0400


_______________________________________________________________

1DM6Vc-0005Q0-Jp-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
This message has been rejected because it has
a potentially executable attachment "doc.scr"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from [216.110.107.78] (helo=msn.com)
by myserver.com with esmtp (Exim 4.43)
id 1DM6UA-0005PV-KF
for [email protected]; Thu, 14 Apr 2005 11:44:00 -0400
From: [email protected]
To: [email protected]
Subject: HELLO
Date: Thu, 14 Apr 2005 11:31:45 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0014_35825C59.88F4C208"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0014_35825C59.88F4C20
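
A triage sketch for the spool file quoted above, added here as an example and not part of the original posts: it reads an Exim `-H` file and reports whether the queued message is a bounce generated by the server itself (empty envelope sender `<>`, `-received_protocol local`, an `X-Failed-Recipients:` header), a local submission, or mail accepted over SMTP. The sample input is constructed from the fields visible in the post with placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the -H spool file quoted above; addresses are placeholders.
SAMPLE_H = """\
1DM6Vc-0005Q0-Jp-H
mailnull 47 12
<>
1113493440 0
-ident mailnull
-received_protocol local
-body_linecount 950
-frozen 1113493441
-localerror
XX
1
user@hosted-domain.example

150P Received: from mailnull by myservername.com with local (Exim 4.43)
 id 1DM6Vc-0005Q0-Jp
063F From: Mail Delivery System <Mailer-Daemon@myservername.com>
040  X-Failed-Recipients: someone@remote.example
"""

# Header lines look like "NNNF Name: value": 3-digit length, optional flag letter, header text.
HEADER = re.compile(r"^\d{3}([A-Z*]?) +([\w-]+): *(.*)$")

def parse_spool_header(text):
    lines = text.splitlines()
    msg = {"id": lines[0].rsplit("-", 1)[0], "user": lines[1].split()[0],
           "sender": lines[2].strip("<>"), "options": {}, "headers": {}}
    i = 4                                  # line 3 holds receive time and warning count
    while lines[i].startswith("-"):        # "-name [value]" option lines
        name, _, value = lines[i][1:].partition(" ")
        msg["options"][name] = value
        i += 1
    while not lines[i].isdigit():          # skip the non-recipients tree ("XX" when empty)
        i += 1
    count = int(lines[i])
    msg["recipients"] = lines[i + 1:i + 1 + count]
    for line in lines[i + 1 + count:]:     # continuation lines do not match and are skipped
        m = HEADER.match(line)
        if m:
            msg["headers"].setdefault(m.group(2).lower(), m.group(3))
    return msg

def classify(msg):
    proto = msg["options"].get("received_protocol", "")
    if msg["sender"] == "" and proto == "local" and "x-failed-recipients" in msg["headers"]:
        state = "frozen" if "frozen" in msg["options"] else "queued"
        return f"bounce generated by this server ({state})"
    if proto == "local":
        return f"submitted locally by user {msg['user']}"
    host = msg["options"].get("host_address", "unknown host")
    return f"received over {proto or 'unknown protocol'} from {host}"
```

For a server-generated bounce, the headers of the rejected original (its `Received: from` line and `Return-path`) show which host submitted it and which sender address it claimed.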
 

Apexity

I did see this in tweak settings: Should this be checked?

Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)
 

Apexity

How about SMTP Tweak?? Turn that on? Will it do anything bad? Or buggy? Why wouldn't it be on by default?

SMTP Tweak
This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.
 

AndyReed

You need to configure your Exim against ACLs and related rules to minimize SPAM and prevent sending out/receiving viruses. PM me if you need help!
 

bijo
