HI Jeff,
Ideally you`d only allow root or exim to run the exim binary. Then its a case of setting up SMTP auth and forcing your clients to authenticate. Logs would then show who authenticated so you could trace.
Sorry I cant give an example, I`m not in the office this week.
Cheers
Chris
________________________________
From: exim-users-bounces@??? on behalf of Jeff Lasman
Sent: Mon 24/11/2008 17:12
To: exim-users@???
Subject: [exim] tracing mail originating from 127.0.0.1
Our logs show that we're receiving email from 127.0.0.1 with
nondeliverable from addresses. So far only a few hundred a day, and
most to addresses are also nonexistent. But it's spam.
We're a webhosting company. It's hard to know where to start looking.
Currently we allow relaying for email originating on the server. We'd
like to continue allowing it, though we can remove it if necessary.
Is there any easy^H^H^H^H not incredibly hard way to find from which
user the spam really originates?
Is there any easy way to disable email from nondeliverable email
addresses only for email originating on our server?
Thanks in advance for any ideas.
Jeff
--
Jeff Lasman, Nobaloney Internet Services
P.O. Box 52200, Riverside, CA 92517
Our blists address used on lists is for list email only
voice: +1 951 643-5345, or see:
"
http://www.nobaloney.net/contactus.html"
--
## List details at
http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/