Answer the question
In order to leave comments, you need to log in
L
L
linelect2014-12-05 16:26:00
linelect, 2014-12-05 16:26:00
How do they send spam from the server?
Spam is sent from the server hosting my sites (centos, exim).
Cleaned the mail queue (by the way, only 100 letters). Stopped exim, renamed /usr/sbin/sendmail to sendmail-renamed, also renamed /usr/sbin/exim to exim-renamed. Unblocked the port in the provider (soyoustart.com) in the control panel.
A few minutes later, 15, I received a letter again that they were sending spam again and blocked port 25 again.
In the provider logs:
Destination IP: 67.222.61.114 - Message-ID: [email protected] - Spam score: 300
Destination IP: 72.41.191.149 - Message-ID:
[email protected] - Spam score: 300
Destination IP: 66.96.132.107 - Message-ID : [email protected] - Spam score:300
Destination IP: 66.96.132.107 - Message-ID : [email protected] - Spam score: 300
Such domains I have, on the Message -ID nothing in the logs. And in general, there is nothing in the server logs today for these domains.
Even earlier, I set up logging of the execution of the mail function in PHP, there is nothing there either.
How is spam sent? What other options to find out the spam exit hole
2 answer(s)
@RicoX
S
Sergey Petrikov, 2014-12-05 @RicoX
Most likely, a malicious script was uploaded through the vulnerability on the site, read the note (I'm too lazy to retype it here) and catch it
www.inmotionhosting.com/support/email/exim/find-sp...
Similar questions
3
D
E
S
Stanislav Nekrasov2020-02-16 15:31:44
How to migrate sendmail settings from Windows to Linux?
3Reply
C
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question