Being blocked with all ips. How possible.

[ozgurerdogan]

There are 4 ips assigned to server.
Ip1 is used by apache and ip2 is assigned to exim outbound and mx.
How comes Ip3 and Ip4 is also blocked by rBLs?

I just can not find spammer. I looked all logs. And did all what is suggested in help section.

BTW, there are lots of spam issues, why is it so hard to find a perfect solution? There are lots of "look at logs, search for...., enforce users..." suggestion. But why there is no system level solution for internal spamming? Is it that hard to find one?

 

[zEitEr]

Hello,

Make sure you have no suspicious processes running in memory which might be used to send spam. That might be even a copy of httpd process (csf/lfd does not detect it) running on an not-standart TCP port.

 

[Richard G]

We had the same issue, still having it on another server.
On the first server it was an email account from which the password got stolen via malware on the user's pc.
But we got a heck of a problem discovering which email adres is abused on server 2, because in both cases the hackers use a "normal" email traffic. They don't send out hundreds of spam mails otherwise it would be discovered fairly fast.