Exim being used for spamming anonymously

ank1t

Hi
I am in a fix here since my server is being hacked and spammers are taking it for granted.

My server IP is in the blocklist now ... :(
It is running on exim 4.5.x ... I think it is a relaying problem, but I am not able to decide how to create an ACL, since if I manually insert mail addresses of the authorized users it has to be updated daily ... and if the domains are added, then maybe spammers can take it for granted too. :mad:
Help me to find out a solution ...

Thanks in advance :)
 
Is it incoming spam (DoS attack)?
If so, set up something like APF and the DoS monitor.

If it's because your server is open to relaying, make sure you're using the standard exim.conf file provided from DirectAdmin.
 
If your server is sending spam, you need to look for the source; it might be a rootkit or an exploited PHP or Perl script. If you are using the DA exim.conf, then most likely your mail server is fine, and you need to examine your server.

Try using rkhunter to find rootkits, and as far as finding scripts that can be exploited for spamming, I don't know of any software. There are too many out there, from prepackaged scripts to ones developed in house. You might just need to look at all your HTTP log files and see if you can find something suspicious.
 
Chances are it's a PHP exploit; there are a lot of them going around now.

Try to get a copy (including headers) of one of the pieces of spam.

Then look to see the Return-Path:; that'll be the user with the offending script.

Jeff
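
The Return-Path check described in the last reply, as an added example that is not part of the original thread: it parses saved spam samples (with headers) and tallies which local accounts appear as the envelope sender. The hostname `server.example.com`, the account names, and the sample messages are all constructed assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not real spam). The From: header is forgeable by the
# script; the Return-Path: is the envelope sender recorded at delivery.
def _sample(return_path, forged_from):
    return (f"Return-Path: {return_path}\n"
            f"From: {forged_from}\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = [
    _sample("<webuser1@server.example.com>", "Bank <alerts@bank.example.org>"),
    _sample("<webuser1@server.example.com>", "Shop <deals@shop.example.net>"),
    _sample("<webuser1@server.example.com>", "Admin <admin@other.example.org>"),
    _sample("<webuser2@server.example.com>", "Friend <friend@mail.example.org>"),
    _sample("<>", "Mail Delivery System <mailer-daemon@server.example.com>"),
    _sample("<someone@remote.example.org>", "Someone <someone@remote.example.org>"),
]

def return_path(raw):
    """Return (local_part, domain) from Return-Path, or None if absent/null."""
    header = message_from_string(raw).get("Return-Path")
    if header is None:
        return None
    _, addr = parseaddr(header)
    if "@" not in addr:
        return None  # null sender "<>" (a bounce) or a malformed header
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def tally_local_senders(raw_messages, server_host):
    """Count messages per local account whose Return-Path is on this host."""
    counts = Counter()
    for raw in raw_messages:
        rp = return_path(raw)
        if rp and rp[1] == server_host.lower():
            counts[rp[0]] += 1
    return counts

if __name__ == "__main__":
    # Accounts with the most samples are the first ones whose scripts and
    # HTTP logs are worth reviewing.
    for user, n in tally_local_senders(SAMPLES, "server.example.com").most_common():
        print(f"{user}: {n} sample(s)")
```
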
 