Author: Graeme Fowler
Date:
To: exim-users
Subject: Re: [exim] my IP blacklisted at CBL issues with HELO'ing

On 19/01/2007 13:09, Magnus Holmgren wrote:
> Well, it's very common for ratware to do that, but you would have to try hard
> to make Exim do it (OK, it's not that hard, but it's nothing you do by
> mistake). And nothing in Exim's configuration stops other programs from
> sending mail directly with SMTP - to stop that you need a firewall setup. It
> seems possible that your server has been cracked, especially since it's a web
> server.
Ah, the joys of shared hosting.
Check your webserver logs too - this could very trivially be a PHP
exploit. If one of your domains is suddenly doing a very large amount of
web traffic, it could well be that you have a vulnerable script which
someone is pumping SMTP rubbish into.
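
The log check suggested above, as an added example that is not part of the original post: it counts POST requests per virtual host and script so that one script receiving most of a domain's traffic stands out. It assumes Apache's `vhost_combined` log format; the function name, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log layout: Apache "vhost_combined" (%v:%p %h %l %u %t "%r" %>s %O ...)
LINE_RE = re.compile(
    r'^(?P<vhost>[^\s:]+):\d+ (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)

# Constructed sample lines (example domains, documentation IP ranges).
SAMPLE_LOG = """\
shop.example.org:80 198.51.100.7 - - [19/Jan/2007:12:01:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
shop.example.org:80 198.51.100.7 - - [19/Jan/2007:12:01:15 +0000] "POST /cart.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"
blog.example.net:80 203.0.113.5 - - [19/Jan/2007:12:02:01 +0000] "POST /contact.php?x=1 HTTP/1.1" 200 310 "-" "-"
blog.example.net:80 203.0.113.5 - - [19/Jan/2007:12:02:02 +0000] "POST /contact.php HTTP/1.1" 200 310 "-" "-"
blog.example.net:80 203.0.113.5 - - [19/Jan/2007:12:02:02 +0000] "POST /contact.php HTTP/1.1" 200 310 "-" "-"
blog.example.net:80 203.0.113.9 - - [19/Jan/2007:12:02:03 +0000] "POST /contact.php HTTP/1.1" 200 310 "-" "-"
blog.example.net:80 192.0.2.44 - - [19/Jan/2007:12:03:40 +0000] "GET / HTTP/1.1" 200 9021 "-" "Mozilla/4.0"
shop.example.org:80 198.51.100.7 - - [19/Jan/2007:12:04:00 +0000] "GET /style.css HTTP/1.1" 200 1400 "-" "Mozilla/4.0"
""".splitlines()


def post_hotspots(lines, min_posts=3):
    """Return (vhost, script, posts, distinct_clients, share_of_vhost_traffic)
    for every script with at least min_posts POSTs, busiest first."""
    posts = Counter()            # POST count per (vhost, script)
    clients = defaultdict(set)   # client addresses seen per (vhost, script)
    totals = Counter()           # all parsed requests per vhost
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # skip lines that are not in the assumed format
        vhost = m["vhost"]
        totals[vhost] += 1
        if m["method"] != "POST":
            continue
        key = (vhost, m["path"].split("?", 1)[0])  # group by script, ignore query string
        posts[key] += 1
        clients[key].add(m["client"])
    return [
        (vhost, path, n, len(clients[(vhost, path)]), round(n / totals[vhost], 2))
        for (vhost, path), n in posts.most_common()
        if n >= min_posts
    ]


if __name__ == "__main__":
    for row in post_hotspots(SAMPLE_LOG):
        print("%s %s posts=%d clients=%d share=%.2f" % row)
```

On a real server, feed it the open access log file instead of `SAMPLE_LOG` and raise `min_posts` to suit normal traffic levels.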