--
On Sun, May 05, 2002 at 11:09:12PM -0400, Tomasz Kosinski wrote:
| I am using exim 3.32, Debian woody/testing.
|
| I have been using exim and fetchmail for about six months on a mostly
| single user machine with a dial-up connection. For some reason, about
| ten days ago, I stopped being able to send out mail.
How much do you usually dial up? Do you usually stay connected for
long?
| 8.) One or two days pass by while I try to figure this out, when all of
| a sudden there are 83 new junk mail messages in the queue. If I try to
| check out with -Mvh where they are coming from, I get, for example:
|
| sanmarco:# exim -Mvh 173w7f-0001KG-00
...
| mail 8 8
...
| -received_protocol local
...
| 147P Received: from mail by localhost with local (Exim 3.32 #1 (Debian))
Some locally running process with uid 8 and gid 8 (mail/mail)
piped a message to exim. This means there is a hole on your system
somewhere and at least one spammer is aware of it and is exploiting
it.
| 068 X-Failed-Recipients: 395=217.10.172.50=65.90.116.84=@[65.90.116.84]
^^^^^^^^^^^^
Was that your IP at that time? It is blacklisted in several DNSBLs.
| It appears that the first (the junk) is generated by a user or group
| named "mail", how, I don't understand, but...
A common cause is having the formmail.pl script on your webserver. It
is easy to send a packaged HTTP request to it to make it send mail out
through your system.
HTH,
-D
--
Who can say, "I have kept my heart pure;
I am clean and without sin"?
Proverbs 20:9
GnuPG key :
http://dman.ddts.net/~dman/public_key.gpg
--
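Added example, not part of the original message or of Exim: a small triage script that reads `exim -Mvh` output for each queued message and separates mail piped in locally by a service account (the "mail 8 8" plus "-received_protocol local" pattern quoted above) from bounces, SMTP arrivals and ordinary user submissions. The function names, the envelope sender line, the uid threshold and the sample queue are assumptions made for illustration.

```python
import re
from collections import Counter

SUBMITTER = re.compile(r"^(\S+) (\d+) (\d+)$")        # "<login> <uid> <gid>", e.g. "mail 8 8"
PROTOCOL = re.compile(r"^-received_protocol (\S+)$")  # e.g. "-received_protocol local"
# Assumption: the envelope sender line "<addr>" sits in the part the post elided
# with "..."; "<>" is the null sender that delivery failure reports carry.
SENDER = re.compile(r"^<(.*)>$")
SERVICE_UID_MAX = 999  # assumption: Debian convention, uids 1-999 are service accounts

def parse_mvh(text):
    """Pull submitter, protocol and envelope sender out of `exim -Mvh` output."""
    info = {"login": None, "uid": None, "protocol": None, "sender": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if info["login"] is None and (m := SUBMITTER.match(line)):
            info["login"], info["uid"] = m.group(1), int(m.group(2))
        elif info["protocol"] is None and (m := PROTOCOL.match(line)):
            info["protocol"] = m.group(1)
        elif info["sender"] is None and (m := SENDER.match(line)):
            info["sender"] = m.group(1)
    return info

def classify(info):
    """Label a queued message by how it entered Exim."""
    if info["protocol"] is None or info["uid"] is None:
        return "unknown"           # output truncated; inspect by hand
    if info["protocol"] != "local":
        return "network"           # arrived over SMTP rather than a local pipe
    if info["sender"] == "":
        return "bounce"            # null sender: a delivery failure report
    if 1 <= info["uid"] <= SERVICE_UID_MAX:
        return "service-injected"  # a non-login account piped mail to exim
    return "user-local"            # root or a login user ran the local submission

def summarize(queue):
    """Count (login, label) pairs across {message_id: `exim -Mvh` output}."""
    parsed = (parse_mvh(text) for text in queue.values())
    return Counter((p["login"], classify(p)) for p in parsed)

# Constructed sample queue; only "mail 8 8" and the protocol line come from the post.
QUEUE = {
    "msg-1": "msg-1-H\nmail 8 8\n<a@example.invalid>\n-received_protocol local\n",
    "msg-2": "msg-2-H\nmail 8 8\n<>\n-received_protocol local\n",
    "msg-3": "msg-3-H\nmail 8 8\n<b@example.invalid>\n-received_protocol esmtp\n",
    "msg-4": "msg-4-H\nalice 1000 1000\n<alice@example.invalid>\n-received_protocol local\n",
}
```

A large "service-injected" count for one login tells you which account's processes (CGI scripts, cron jobs) to inspect first.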