Re: [Exim] heavy load - being an open relay?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Suresh Ramasubramanian
Datum:  
To: Daniel W., exim-users
Betreff: Re: [Exim] heavy load - being an open relay?
"Daniel W." <Dan.White@???> writes:

> I recently discovered my box is under heavy load and investigated a
> bit. A "ps ax" showed me quite a lot exim processes. A closer look at
> the "mainlog" logfile showed me lines like the following ones:
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 <= <> H=mc2-s12.law16.hotmail.com
> [65.54.237.61] P=esmtp S=9739

id=3OCcSkpLi00001d3e@???
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 => epico <nobody@???>
> D=localuser T=local_delivery


All these are bounces delivered locally

Either you have an exploited formmail.pl or other insecure perl script, or
someone is forging spam with your domain in the from and you are getting the
bounces.

    -srs