[exim] Disabling mails being sent via localhost

Author: soumya tr
Date:  
To: exim-users@exim.org
Subject: [exim] Disabling mails being sent via localhost
Hi,

I am having issues wherein some customers' accounts have been hacked, and
malicious PHP scripts have been added to send out mails using the socket
creation method [it is similar to sending out mails like telnet localhost 25].

The respective logs:

2014-02-05 09:43:50 1WAz1K-001Zgy-HT H=localhost [127.0.0.1]:50015 Warning:
"SpamAssassin as cpaneleximscanner detected OUTGOING smtp message as NOT
spam (-1.0)"
2014-02-05 09:43:50 1WAz1K-001Zgy-HT <= NYDBfjG@??? H=localhost
[127.0.0.1]:50015 P=smtp S=825
id=BrKKONI.WlwhspCjPQnK@???="=?utf-8?B?0JrQsNC6INC30LAg0LzQtdGB0Y/RhiDQt9Cw0YDQsNCx0L7RgtCw0YLRjCA4Nzk1JD8=?="
for ladya-nn@???

This is creating spamming issues and blacklisting of servers. If I disable
port 25 connections to localhost, the mail functionality would be affected
[as cron mails are sent via localhost]. Is there any way I can handle this
situation?

Please assist.

--
Regards,
Soumya
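
An added example, not part of the original post: a log check that lists the kind of arrival shown above, i.e. messages accepted over SMTP from the loopback address without authentication, and counts them per minute to expose bursts. The log lines are constructed samples in Exim mainlog format, and the names `loopback_smtp_arrivals` and `per_minute` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog format (not from the poster's server).
SAMPLE_LOG = """\
2014-02-05 09:43:50 1AAAAA-000001-AA <= s1@example.test H=localhost [127.0.0.1]:50015 P=smtp S=825 id=a1@example.test for v1@example.net
2014-02-05 09:43:51 1AAAAA-000002-AA <= s2@example.test H=localhost [127.0.0.1]:50016 P=smtp S=830 id=a2@example.test for v2@example.net v3@example.net
2014-02-05 09:44:00 1AAAAA-000003-AA <= root@host.example.test U=root P=local S=512 for admin@example.test
2014-02-05 09:44:10 1AAAAA-000004-AA <= u@example.test H=localhost [127.0.0.1]:50020 P=esmtpa A=dovecot_login:u@example.test S=900 for f@example.net
2014-02-05 09:44:20 1AAAAA-000005-AA <= x@example.org H=mx.example.org [192.0.2.10]:41000 P=esmtp S=1200 for u@example.test
"""

# "<=" marks message arrival; the fields after the sender are key=value pairs.
ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) (.*)$")
# H=name [ip] or H=name (helo) [ip], restricted to loopback addresses.
LOOPBACK = re.compile(r"(?:^| )H=\S+(?: \(\S+\))? \[(?:127\.0\.0\.1|::1)\]")
AUTHENTICATED = re.compile(r"(?:^| )A=\S+")   # A=<authenticator> when logged in
PROTOCOL = re.compile(r"(?:^| )P=(\S+)")

def loopback_smtp_arrivals(log_text):
    """Return unauthenticated arrivals that came in over SMTP from loopback."""
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        stamp, msg_id, sender, rest = m.groups()
        # Submissions through the sendmail binary (P=local) carry no H= field.
        if not LOOPBACK.search(rest) or AUTHENTICATED.search(rest):
            continue
        proto = PROTOCOL.search(rest)
        # The recipient list is the last field, so split on the final " for ".
        rcpts = rest.rsplit(" for ", 1)[1].split() if " for " in rest else []
        hits.append({"time": stamp, "id": msg_id, "sender": sender,
                     "protocol": proto.group(1) if proto else None,
                     "recipients": rcpts})
    return hits

def per_minute(hits):
    """Count flagged arrivals per minute (YYYY-MM-DD HH:MM)."""
    return Counter(h["time"][:16] for h in hits)

if __name__ == "__main__":
    for h in loopback_smtp_arrivals(SAMPLE_LOG):
        print(h["time"], h["id"], h["sender"], "->", ", ".join(h["recipients"]))
```
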