user-email-limit somehow leaks too many..

Duboux

I received a list of spam-data from hotmail...
And it said a user on my server has sent 109 emails.
While I set a user-limit of 15.

How is this possible and more importantly, what do I have to do to fix this ?
 
It is always possible that someone has some malware installed on your server that talks SMTP directly to the remote servers to send spam, therefore bypassing exim and the user-limits.
 
How is this possible and more importantly, what do I have to do to fix this ?

Did you see your server IP in the email headers? Did the spam originate from your server? Or is only a domain from your server specified in the "From" field?
 
Interesting thread, toml is there any way to disable any other way to send mails without exim?
 
It isn't that easy in Linux to say only allow exim to connect to outgoing port 25, which is pretty much what you are looking for. You don't want to block it or all of your email will stop working. Best bet is to harden your system to prevent others from being able to do this at all. Also zEitEr does have a good point about making sure your server was the one that sent the spam, look at the headers and match the IP address to your server. It is possible that anyone could have just changed the "From:" header to match an email address that is hosted on your server. I see it all the time, and the first thing I do is look at the header to make sure that it didn't come from my server.

Do a search here to find the tips for hardening your server, like mounting /tmp with noexec, and perhaps disabling certain functions in PHP that could be used to create these connections. Of course disabling some of those functions in PHP (like the socket functions) could potentially break a customer's script.
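The header check recommended in the replies above, as an added example that is not part of the original thread: it reads the Received: lines of a reported message and reports whether any hop recorded one of your server's IPs as the connecting client. The sample message, the IP addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: From: names a domain we host, but the only Received:
# hop shows a different connecting IP (documentation address ranges).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.23])
\tby mx.recipient.example with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:00 +0000
From: "Shop" <info@hosted-domain.example>
To: someone@recipient.example
Subject: constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_client_ips(raw):
    """Per Received: header (topmost first), the client IPs it recorded."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        # The connecting client is described before the "by <receiver>" part.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        ips = []
        for candidate in IP_IN_BRACKETS.findall(from_part):
            try:
                ips.append(str(ip_address(candidate)))  # normalised form
            except ValueError:
                pass  # bracketed text that is not an IP address
        hops.append(ips)
    return hops

def classify(raw, server_ips):
    """Return (verdict, hop_index) for a reported message.

    Only Received: lines added by the recipient's own servers (the topmost
    ones) are trustworthy; anything below them can be written by the sender.
    """
    ours = {str(ip_address(ip)) for ip in server_ips}
    for index, ips in enumerate(received_client_ips(raw)):
        if ours & set(ips):
            return ("relayed-by-our-ip", index)
    return ("our-ip-not-in-received", None)

if __name__ == "__main__":
    print(classify(SAMPLE, ["203.0.113.10"]))
```

A verdict of `our-ip-not-in-received` matches the forged "From:" case described above; `relayed-by-our-ip` means the connection did come from your address, whether through exim or around it.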
 