send mail
linelect, 2014-12-05 16:26:00

How do they send spam from the server?

Spam is being sent from the server hosting my sites (CentOS, exim).
I cleared the mail queue (only 100 messages, by the way), stopped exim, and renamed /usr/sbin/sendmail to sendmail-renamed and /usr/sbin/exim to exim-renamed. Then I unblocked the port in the provider's (soyoustart.com) control panel.
A few minutes later (15), I again received a letter saying that spam was being sent again, and they blocked port 25 again.
In the provider logs:
Destination IP: 67.222.61.114 - Message-ID: [email protected] - Spam score: 300
Destination IP: 72.41.191.149 - Message-ID: [email protected] - Spam score: 300
Destination IP: 66.96.132.107 - Message-ID : [email protected] - Spam score:300
Destination IP: 66.96.132.107 - Message-ID : [email protected] - Spam score: 300
I do have such domains, but there is nothing in the logs for these Message-IDs. In general, there is nothing in today's server logs for these domains.
Even earlier, I set up logging of calls to the mail() function in PHP; there is nothing there either.
How is the spam being sent? What other ways are there to find the hole the spam is leaving through?


2 answer(s)
Sergey Petrikov, 2014-12-05
@RicoX

Most likely, a malicious script was uploaded through a vulnerability on the site. Read the note (I'm too lazy to retype it here) and catch it:
www.inmotionhosting.com/support/email/exim/find-sp...

Gem, 2014-12-09
@Gem

They send directly from PHP. Oh, and yes, rootkits also exist.
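
Added example, not part of the original thread: one way to check the "directly from PHP" case from the answer above, where a process opens its own connections to remote port 25 so that neither exim nor a mail() log sees anything. It reads the Linux socket table in /proc/net/tcp and maps each such socket to its owning UID and process; the function names and the script name are assumptions made for this example, and IPv6 (/proc/net/tcp6) is not covered.

```shell
#!/usr/bin/env bash
# Added example: find outbound SMTP connections that bypass exim and mail().
# Reads the kernel socket table, so it needs no MTA or PHP logs. IPv4 only.

# Print "remote_ip uid inode" for each socket whose REMOTE port is 25.
# $1: table to read (default: live /proc/net/tcp).
smtp_sockets() {
    awk '
        function hexval(s,   i, n) {            # portable hex -> decimal
            n = 0
            for (i = 1; i <= length(s); i++)
                n = n * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
            return n
        }
        NR > 1 {
            split($3, rem, ":")                 # rem_address is HEXIP:HEXPORT
            if (rem[2] != "0019") next          # 0x0019 = 25
            a = rem[1]                          # byte-reversed on little-endian (x86)
            printf "%d.%d.%d.%d %s %s\n",
                hexval(substr(a, 7, 2)), hexval(substr(a, 5, 2)),
                hexval(substr(a, 3, 2)), hexval(substr(a, 1, 2)), $8, $10
        }' "${1:-/proc/net/tcp}"
}

# Print "pid cmdline" for every process holding socket inode $1 (run as root).
socket_owners() {
    local fd pid
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        printf '%s %s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
    done
}

# One line per connection, then its owners. The uid column names the account
# that owns the socket (for example the web server's user running site scripts).
report() {
    smtp_sockets "$@" | while read -r ip uid inode; do
        echo "-> $ip:25 uid=$uid inode=$inode"
        socket_owners "$inode" | sed 's/^/   /'
    done
}

# Live check: bash smtp_check.sh --live   (file name is arbitrary)
if [ "${1:-}" = "--live" ]; then report; fi
```

A single snapshot can miss short-lived connections, so run it repeatedly (for example under `watch -n1`) while port 25 is unblocked.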
