Re: [exim] my IP blacklisted at CBL issues with HELO'ing

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] my IP blacklisted at CBL issues with HELO'ing
On 19/01/2007 13:09, Magnus Holmgren wrote:
> Well, it's very common for ratware to do that, but you would have to try hard
> to make Exim do it (OK, it's not that hard, but it's nothing you do by
> mistake). And nothing in Exim's configuration stops other programs from
> sending mail directly with SMTP - to stop that you need a firewall setup. It
> seems possible that your server has been cracked, especially since it's a web
> server.


Ah, the joys of shared hosting.

Check your webserver logs too - this could very trivially be a PHP
exploit. If one of your domains is suddenly doing a very large amount of
web traffic, it could well be that you have a vulnerable script which
someone is pumping SMTP rubbish into.

Graeme