Spam being sent via smtp to localhost

NoBaloney2

NoBaloney Internet Svcs.
Joined
Jun 17, 2007
Messages
498
Location
California
We've got a spammer sending through one of our servers:

What we're seeing is a spammer who's sending mail by an smtp connection to exim from the localhost (127.0.0.1).

The logs don't show us what user is making the connection. We really need to allow mail from 127.0.0.1 or our webmail won't work.

Anyone come up with this before? How did you find the problem? Any idea how to make whatever change is required so we can see what program is connecting to 127.0.0.1?

Barring that, any other ideas?

The server appears fine according to latest versions of both rkhunter and chkrootkit.

Thanks in advance for any help. If we can come up with a fix we'll build it into spamblocker.

Thanks.

Jeff
 
Last edited:

chasjs

Verified User
Joined
Nov 1, 2004
Messages
48
Location
Colorado
Did you ever find an answer to this???? This started today on us.

How can I block 127.0.0.1?

Thanks

Chuck
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,243
Location
GMT +7.00
Hello Chuck,

You might need to remove 127.0.0.1 from relay_hosts

Search the forums for more details.
 
Top