> Well, the OP stated that he was told by the CBL guys
> that is IP was listed due
> to something using the remote domain as the HELO
> greeting.
correct.
> would do it by itself. But if the server hosts
> multiple web sites, it is
> possible that one of the customers abuses the server
> or has written or
> installed an insecure script that allows an attacker
> to run code of his own
> as that customer.
it is a host with multiple websites, i already
disabled mail() function on PHP.
as suggested by one of the mailing list member to
check on exim log. i do as he say but can't found any
suspicious log record.
does exim can log HELO session too? if yes how do i do it?
Best Regards,
Markus
Send instant messages to your online friends
http://uk.messenger.yahoo.com
