On Monday 22 January 2007 17:37, Chris Edwards wrote:
> On Sun, 21 Jan 2007, Andrew - Supernews wrote:
> | It is not possible for a sanely-configured Exim to get you listed on
> | CBL. There must be _something else_ on the box which is making
> | outgoing port 25 connections; you need to find it.
>
> Putting the OP's problem aside, it sounds like Andrew knows more about the
> CBL listing criteria than most of us. My reading of the above is that
> sending spam via exim won't get you on the CBL. (Unlike e.g spamcop,
> which will list you). This suggests the CBL is looking for IPs exhibiting
> specific characteristics of spamware, rather than simply IPs sending spam.
>
> Of course, I may have got this wrong...
Well, the OP stated that he was told by the CBL guys that is IP was listed due
to something using the remote domain as the HELO greeting. I think Andrew
means that *that* is not possible for a sanely configured Exim to do. It is
also not probable that an insecure mail form or a badly configured Mailman
would do it by itself. But if the server hosts multiple web sites, it is
possible that one of the customers abuses the server or has written or
installed an insecure script that allows an attacker to run code of his own
as that customer.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans