Help needed! My server sends spam!

[Cybex]

Hello everybody,

I got an abuse mail from somebody that says I'm sending spam. I checked the mail queue and exim is indeed sending spam.

How do I check where the spam is from? Could be a script from a user on the server I guess, but how do I know where it is?


I also noticed that when the exim service is started with Directadmin it fires up 4 exim deamons! I have another server with Directadmin installed and that server only fires up 1 exim deamon. What could be wrong here?

[root@server etc]# ps aux |grep exim
mail     19257  0.0  0.1   7756  1148 ?        Ss   09:13   0:00 /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
root     19258  0.6  0.2   8016  2200 ?        S    09:13   0:00 /usr/sbin/exim -q
root     19322  0.0  0.3  10464  3244 ?        S    09:13   0:00 /usr/sbin/exim -q
mail     19323  0.0  0.2  10464  2088 ?        S    09:13   0:00 /usr/sbin/exim -q

any help is appriciated! Thanks!

 

[Cybex]

I think I found the problem. It seems an old version of Mambo had an exploit, I upgraded it and everything seems normal now.

 

[dannygoh]

Hi,

Can you tell me more about the Mambo exploit. I sort have the same problem but dont know where to start investigate.

 

[Cybex]

Check the version of your mambo installation and look for the current exploits that mambo version has got. To fix this just upgrade your mambo installation to the current version.

If you have real problems with spam sending you could start with this:

killall -9 exim (this will stop sending spam)
clear the mailqueue
upgrade Mambo
start the exim service via Directadmin again


HTH