"Daniel W." <Dan.White@???> writes:
> I recently discovered my box is under heavy load and investigated a
> bit. A "ps ax" showed me quite a lot exim processes. A closer look at
> the "mainlog" logfile showed me lines like the following ones:
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 <= <> H=mc2-s12.law16.hotmail.com
> [65.54.237.61] P=esmtp S=9739
id=3OCcSkpLi00001d3e@???
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 => epico <nobody@???>
> D=localuser T=local_delivery
All these are bounces delivered locally
Either you have an exploited formmail.pl or other insecure perl script, or
someone is forging spam with your domain in the from and you are getting the
bounces.
-srs
