[Exim] Are there any known remote exploits for Exim? My mail…

Author: David Anderson
Date:  
To: exim-users
Subject: [Exim] Are there any known remote exploits for Exim? My mail servers have been remotely crashed.
Hi,

I'm running Exim 4.30. Last night my primary MX crashed at 01:13, and the
secondary at 01:17.

There's nothing helpful in the logs - that is, there is no record of
connections from the same hosts, i.e. both hosts seem to have crashed
before being able to log anything.

Exim was in a state where just the SMTP listening process was running,
with no child processes. Connecting to port 25 seemed to initiate a
connection, but Exim's banner wasn't printed, and no child process was
spawned.

I attached a strace to the exim process, and nothing was happening when I
telnet-ed to port 25.

I run ClamAV, but this was still working fine (I could scan things with
'clamdscan'), and the fact that Exim wasn't spawning any child processes
seems to indicate that Clam wasn't related to the problem.

Linux, kernel 2.2.

Regards,
David