[Exim] Spam relaying problem

Author: Tim Dodge
Date:  
To: exim-users
Subject: [Exim] Spam relaying problem
Hi,

I hope you guys can help me out...

I have an ADSL connection with fixed IP, and use easydns.com to provide
DNS and backup mail spools.

My gateway PC runs gentoo linux and exim 4.20 with exiscan-acl v9.

This week, the admins at easydns.com have informed me that I'm sending
"10's of thousands" of what looks like spam to aol.com addresses, back
through their relays (my backup MX servers).

Now I'm 95% convinced that it's not my exim config that is at fault as
I've run the ordb.org open relay tests (and a couple of others) which
have shown me not to be an open relay.

I've also gone through my mail logs and can find nothing matching the
examples sent to me, for example:

 > Received: from mail.allowanceweb.net (invisibles.org [213.152.46.20])
 >         by crelay1.easydns.com (Postfix) with SMTP
 >         id 5D03754BA6; Thu, 10 Jul 2003 07:22:39 -0400 (EDT)
 > To: <rooter99@???>
 > Cc: <emmafalla@???>, <fboyd60483@???>, <avadootz@???>,
 >         <emnr@???>
 > From: toumer@???
 > Subject: Fwd: Vital Refresh to Your Mortgage Application
 > Date: Thu, 10 Jul 2003 05:20:45 -0800
 > MIME-Version: 1.0


I've run chkrootkit on my gateway server, and virus checked the windows
PCs that NAT through it, all of which has shown nothing.

I'm finding it hard to believe that 10's of thousands of spam emails can
have come through my machine without me noticing anything - surely I
would have noticed the lack of bandwidth at least? My connection is only
512/128 kbps.

I know this is probably not exim related, but can anyone help me? I'm
really quite worried about this.

Regards,
Tim Dodge
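As an added illustration (not code from the poster or from Exim), here is a small checker that unfolds a Postfix-style Received header like the one quoted above, pulls out the HELO name, reverse-DNS name and connecting IP, and reports whether the relay actually got the message from one of your own addresses. The gateway IP and hostname it is given are placeholders; the regex assumes the "from HELO (rdns [ip]) by HOST" layout that Postfix writes.

```python
import re

# The Received header quoted in the post, embedded here as the sample input.
SAMPLE_RECEIVED = (
    "Received: from mail.allowanceweb.net (invisibles.org [213.152.46.20])\n"
    "        by crelay1.easydns.com (Postfix) with SMTP\n"
    "        id 5D03754BA6; Thu, 10 Jul 2003 07:22:39 -0400 (EDT)"
)

# Postfix layout: "from HELO (rdns [ip]) by HOST"; rdns may be absent ("from x ([ip])").
_RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def parse_received(header):
    """Return {helo, rdns, ip, by} for one Received header, or None if it does not parse."""
    unfolded = " ".join(header.split())  # join RFC 822 continuation lines
    m = _RECEIVED_RE.search(unfolded)
    return m.groupdict() if m else None


def assess_hop(header, my_ips, my_hostnames):
    """Decide whether this hop came from my gateway and note suspicious details.

    my_ips / my_hostnames are the addresses and names of the host under
    investigation (placeholders in the test; substitute your own).
    """
    hop = parse_received(header)
    if hop is None:
        return {"verdict": "unparsed", "findings": []}
    findings = []
    verdict = "sent_from_my_ip" if hop["ip"] in my_ips else "not_from_my_ip"
    # Someone else announcing my hostname in HELO from a foreign address.
    if hop["helo"] in my_hostnames and hop["ip"] not in my_ips:
        findings.append("helo_claims_my_hostname_from_foreign_ip")
    # HELO name and reverse DNS of the connecting IP disagree.
    if hop["rdns"] and hop["rdns"] != hop["helo"]:
        findings.append("helo_rdns_mismatch")
    return {"verdict": verdict, "findings": findings, **hop}


if __name__ == "__main__":
    # Placeholder gateway identity; replace with your real fixed IP and hostname.
    print(assess_hop(SAMPLE_RECEIVED, {"198.51.100.7"}, {"gateway.example.net"}))
```

If the verdict is "not_from_my_ip" for every sample the backup-MX operator sends, the messages reached their relay from a different host, which is the next thing to show them.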