NoBaloney2
NoBaloney Internet Svcs.
We've got a spammer sending through one of our servers:
What we're seeing is a spammer who's sending mail by an SMTP connection to Exim from the localhost (127.0.0.1).
The logs don't show us what user is making the connection. We really need to allow mail from 127.0.0.1 or our webmail won't work.
Anyone come up with this before? How did you find the problem? Any idea how to make whatever change is required so we can see what program is connecting to 127.0.0.1?
Barring that, any other ideas?
The server appears fine according to latest versions of both rkhunter and chkrootkit.
Thanks in advance for any help. If we can come up with a fix we'll build it into spamblocker.
Thanks.
Jeff