Author: Nico Erfurth
Date:
To: Chris Sparnicht
CC: exim-users
Subject: Re: [Exim] Exim or linux virus?
Chris Sparnicht wrote:
> Greetings!
>
> I am not currently running exim on my site, however, I keep getting spam from
> somebody who is running exim. Strangely, it seems to be coming from my
> site, but there seems to be no IP trail in the header to check one way
> or another exactly where the email is coming from. I'd almost swear it
> has to be coming from my site because it says it's bouncing from my
> website, and yet when I go into shell and use 'locate exim' as su, I see
> no example of exim anywhere on my box.
>
> Here is an example of the virus-laden spam.
> Please note - it's always involving this Lara Croft site, it's always
> got a virus, probably in the midi file attachment, but the
> email address to which it's posted changes.
>
> Is it likely that someone has found a way to open an SMTP relay
> through my site or is exim just lean enough that it doesn't give
> away IP trails in the header?

Most probably, someone sends mails with your mail address, so the message
bounces back to you.
Watch for the headers of the bounce, and contact the admin of the
bounce-sending server; maybe he can help you to track this.
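
The header check suggested in the reply above, as an added example that is not part of the original thread: it reads a bounce and reports which server sent it and which peer that server recorded for the returned message. The sample bounce is constructed, its hosts and IPs are documentation placeholders, and it assumes the bounce carries the returned message as a `message/rfc822` part.

```python
import email
import re

# Constructed sample bounce; every host and IP is a documentation placeholder.
SAMPLE_BOUNCE = """\
Return-Path: <>
Received: from mx.remote.example ([198.51.100.7])
\tby mail.mysite.example with esmtp; Mon, 1 Jan 2001 10:00:05 +0000
From: Mail Delivery System <Mailer-Daemon@mx.remote.example>
To: webmaster@mysite.example
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/rfc822

Received: from unknown-pc ([192.0.2.55])
\tby mx.remote.example with smtp; Mon, 1 Jan 2001 10:00:00 +0000
From: webmaster@mysite.example
To: nobody@remote.example
Subject: constructed sample

body
--BOUND--
"""

# Matches "from <helo-name> ([<ip>])" at the start of a Received header.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]")

def first_hop(msg):
    """Return (helo_name, ip) from the top-most Received header, or None."""
    hops = msg.get_all("Received", [])
    m = HOP.search(hops[0]) if hops else None
    return m.groups() if m else None

def trace_bounce(raw):
    bounce = email.message_from_string(raw)
    # The top-most Received on the bounce was written by the receiving server.
    result = {"bounce_server": first_hop(bounce), "peer_seen_by_bouncer": None}
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            # The top-most Received of the returned copy was written by the
            # bouncing server; anything below it is sender-controlled.
            result["peer_seen_by_bouncer"] = first_hop(part.get_payload(0))
    return result
```

The `peer_seen_by_bouncer` address and the timestamp on that header are what the admin of the bounce-sending server needs to look the connection up in their logs.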