Auteur: soumya tr Date: À: exim-users@exim.org Sujet: [exim] Disbaling mails being sent via localhost
Hi,
I am having issues, were in some customers account has been hacked, and
malicious php scripts are added to sent out mails using socket creation
method [ it is similar to sending out mails like telnet localhost 25 ]
The respective logs:
2014-02-05 09:43:50 1WAz1K-001Zgy-HT H=localhost [127.0.0.1]:50015 Warning:
"SpamAssassin as cpaneleximscanner detected OUTGOING smtp message as NOT
spam (-1.0)"
2014-02-05 09:43:50 1WAz1K-001Zgy-HT <= NYDBfjG@??? H=localhost
[127.0.0.1]:50015 P=smtp S=825
id=BrKKONI.WlwhspCjPQnK@???="=?utf-8?B?0JrQsNC6INC30LAg0LzQtdGB0Y/RhiDQt9Cw0YDQsNCx0L7RgtCw0YLRjCA4Nzk1JD8=?="
for ladya-nn@???
This is creating spamming issues, and blacklist of servers. If I disable
port 25 connections to localhost, the mail functionality would be affceted
[as cron mails are sent via localhost]. Is there any way I can handle this
situation.