[exim] Disbaling mails being sent via localhost

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: soumya tr
Data:  
Para: exim-users@exim.org
Asunto: [exim] Disbaling mails being sent via localhost
Hi,

I am having issues, were in some customers account has been hacked, and
malicious php scripts are added to sent out mails using socket creation
method [ it is similar to sending out mails like telnet localhost 25 ]

The respective logs:

2014-02-05 09:43:50 1WAz1K-001Zgy-HT H=localhost [127.0.0.1]:50015 Warning:
"SpamAssassin as cpaneleximscanner detected OUTGOING smtp message as NOT
spam (-1.0)"
2014-02-05 09:43:50 1WAz1K-001Zgy-HT <= NYDBfjG@??? H=localhost
[127.0.0.1]:50015 P=smtp S=825
id=BrKKONI.WlwhspCjPQnK@???="=?utf-8?B?0JrQsNC6INC30LAg0LzQtdGB0Y/RhiDQt9Cw0YDQsNCx0L7RgtCw0YLRjCA4Nzk1JD8=?="
for ladya-nn@???

This is creating spamming issues, and blacklist of servers. If I disable
port 25 connections to localhost, the mail functionality would be affceted
[as cron mails are sent via localhost]. Is there any way I can handle this
situation.

Please assist.

--
Regards,
Soumya