Hi All,
I'm currently having some spam problems. In the mail queue there are a lot of e-mail like this:
Headers:
Body chunk:
My TMP folder is mounted as noexec, and php mailer patch is installed (but nog X-php-script is added to these spam mails).
I've lookin in the exim logs, but can't find the user which is sending spam/or has leaky scripts.
Anyone who can help me with this?
I'm currently having some spam problems. In the mail queue there are a lot of e-mail like this:
Headers:
Code:
1N3TDo-00087g-R6-H
mail 8 12
<>
1256815876 0
-ident mail
-received_protocol local
-body_linecount 29
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1256815877
-localerror
XX
1
janinetinsley@charter.net
151P Received: from mail by myserverhostname.com with local (Exim 4.67)
id 1N3TDo-00087g-R6
for janinetinsley@charter.net; Thu, 29 Oct 2009 12:31:16 +0100
038 X-Failed-Recipients: hapke@alexco.com
029 Auto-Submitted: auto-replied
063F From: Mail Delivery System <Mailer-Daemon@myserverhostname.com>
030T To: janinetinsley@charter.net
059 Subject: Mail delivery failed: returning message to sender
052I Message-Id: <E1N3TDo-00087g-R6@myserverhostname.com>
038 Date: Thu, 29 Oct 2009 12:31:16 +0100
Body chunk:
Code:
1N3TDo-00087g-R6-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
hapke@alexco.com
all relevant MX records point to non-existent hosts
------ This is a copy of the message, including all the headers. ------
Return-path: <janinetinsley@charter.net>
Received: from [127.0.0.1] (helo=myserverhostname.com)
by myserverhostname.com with smtp (Exim 4.67)
(envelope-from <janinetinsley@charter.net>)
id 1N3TDo-00087c-Nm
for hapke@alexco.com; Thu, 29 Oct 2009 12:31:16 +0100
Date: Thu, 29 Oct 2009 12:22:14 +0100
From: <janinetinsley@charter.net>
Reply-To: <janinetinsley@charter.net>
X-Priority: 3
Message-ID: <01ca588a.583d623b@myserverhostname.com>
To: <hapke@alexco.com>
Subject: At fortyodd befell
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
They seek a southern lea
http://birniehuang0332.blogspot.com
My TMP folder is mounted as noexec, and php mailer patch is installed (but nog X-php-script is added to these spam mails).
I've lookin in the exim logs, but can't find the user which is sending spam/or has leaky scripts.
Anyone who can help me with this?