Problem with spam sent from user.

mamykin

Hello,

I have no idea where to look anymore. We have a customer that keeps sending spam even after the user is suspended. Is there anyone here who has any ideas? It's not a PHP script; it seems to be sent directly from Exim. Example below; I changed the sending domain to example.com.

Code:
2015-05-15 11:32:31 1YtByj-0007pX-A0 <= [email protected] H=(mquych) [42.157.10.85] P=esmtp S=81358 [email protected] T="f" from <[email protected]> for [email protected]
2015-05-15 11:32:31 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1YtByj-0007pX-A0

Code:
2015-05-15 11:28:44 1YtBv3-0007a1-Bp <= [email protected] H=(hlquy) [58.251.146.170] P=esmtp S=131902 [email protected] T="Ո킓[¸½¼þ¼뉝" from <[email protected]> for [email protected]
2015-05-15 11:28:44 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1YtBv3-0007a1-Bp
2015-05-15 11:28:45 1YtBv3-0007a1-Bp => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=133664 H=aspmx.l.google.com [74.125.205.26] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1431682125 zk9si700506lbb.58 - gsmtp"
2015-05-15 11:28:45 1YtBv3-0007a1-Bp Completed

/etc/virtual/usage/user.bytes:

Code:
69399=type=email&[email protected]&method=outgoing&id=1YtBuv-0007ZV-4V&authenticated_id=&sender_host_address=163.177.41.77&log_time=1431682114&message_size=69399&local_part=lvyuan&domain=jweflower.com&path=/
131902=type=email&[email protected]&method=outgoing&id=1YtBv3-0007a1-Bp&authenticated_id=&sender_host_address=58.251.146.170&log_time=1431682124&message_size=131902&local_part=sales&domain=nostarch.com&path=/
81358=type=email&[email protected]&method=outgoing&id=1YtByj-0007pX-A0&authenticated_id=&sender_host_address=42.157.10.85&log_time=1431682351&message_size=81358&local_part=sxldkm&domain=tsee.net&path=/
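
An added example, not part of the original post: it parses records in the format of the usage file and the Exim arrival (`<=`) lines shown above, and lists messages counted as outgoing with an empty `authenticated_id`, together with the protocol Exim logged (`P=esmtpa` plus an `A=` field indicates SMTP AUTH was used; plain `P=esmtp` means it was not). The sample data is constructed; the addresses, IPs, message ids and function names are placeholders chosen for this example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample data modelled on the lines in the post (all values are placeholders).
USAGE = """\
69399=type=email&email=user@example.com&method=outgoing&id=1AAAAA-000001-AA&authenticated_id=&sender_host_address=203.0.113.10&log_time=1431682114&message_size=69399&local_part=a&domain=example.net&path=/
2048=type=email&email=user@example.com&method=outgoing&id=1AAAAA-000002-BB&authenticated_id=user@example.com&sender_host_address=198.51.100.7&log_time=1431682200&message_size=2048&local_part=b&domain=example.org&path=/
"""
MAINLOG = """\
2015-05-15 11:28:34 1AAAAA-000001-AA <= user@example.com H=(hlquy) [203.0.113.10] P=esmtp S=69399 T="x" from <user@example.com> for a@example.net
2015-05-15 11:28:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1AAAAA-000001-AA
2015-05-15 11:30:00 1AAAAA-000002-BB <= user@example.com H=(pc) [198.51.100.7] P=esmtpa A=login:user@example.com S=2048 T="hi" from <user@example.com> for b@example.org
"""
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<rest>.*)$")

def parse_usage(text):
    """Yield one dict per usage record of the form '<size>=<key=value&...>'."""
    for line in text.splitlines():
        size, sep, query = line.partition("=")
        if sep and size.isdigit():
            yield {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

def parse_arrivals(text):
    """Map message id -> {'P': protocol, 'A': authenticator or '', 'ip': peer address}."""
    out = {}
    for line in text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        # The subject (T="...") is sender-controlled, so only read fields before it.
        head = m["rest"].split(' T="', 1)[0]
        fields = dict(re.findall(r"(?:^| )([A-Z])=(\S+)", head))
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", head)
        out[m["id"]] = {"P": fields.get("P", "?"), "A": fields.get("A", ""),
                        "ip": ip.group(1) if ip else ""}
    return out

def unauthenticated_outgoing(usage_text, log_text):
    """Return (id, sender_host_address, protocol, authenticator) for outgoing
    usage records that carry no authenticated_id."""
    arrivals = parse_arrivals(log_text)
    flagged = []
    for rec in parse_usage(usage_text):
        if rec.get("method") == "outgoing" and not rec.get("authenticated_id"):
            log = arrivals.get(rec["id"], {})
            flagged.append((rec["id"], rec.get("sender_host_address", ""),
                            log.get("P", "?"), log.get("A", "")))
    return flagged

if __name__ == "__main__":
    for row in unauthenticated_outgoing(USAGE, MAINLOG):
        print(*row)
```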