Re: [Exim] heavy load - being an open relay?

Góra strony
Delete this message
Reply to this message
Autor: Suresh Ramasubramanian
Data:  
Dla: Daniel W., exim-users
Temat: Re: [Exim] heavy load - being an open relay?
"Daniel W." <Dan.White@???> writes:

> I recently discovered my box is under heavy load and investigated a
> bit. A "ps ax" showed me quite a lot exim processes. A closer look at
> the "mainlog" logfile showed me lines like the following ones:
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 <= <> H=mc2-s12.law16.hotmail.com
> [65.54.237.61] P=esmtp S=9739

id=3OCcSkpLi00001d3e@???
> 2002-09-25 11:47:09 17u8l8-0004uJ-00 => epico <nobody@???>
> D=localuser T=local_delivery


All these are bounces delivered locally

Either you have an exploited formmail.pl or other insecure perl script, or
someone is forging spam with your domain in the from and you are getting the
bounces.

    -srs