Warning: xxxx emails have been sent yesterday by (user)

[Duccer]

Hi all, I have been searching forums and google, but can not find the specific answer.

My exim seems to be spamming, and I can not find the solution. Here is a line of exim mainlog where the outgoing e-mail succeeded. The '[email protected]' is an existing e-mailaccount on the server, but spam is not limited to this account. The spamscript seems to go over all possible usernames with [email protected]

2015-07-28 21:10:03 1ZKAGJ-000119-DO <= [email protected] H=(host67.khb.ttkdv.ru) [62.249.150.67] P=smtp S=854 [email protected] T="Re: 1 New QuickAffairAlert" from <[email protected]> for [email protected]
2015-07-28 21:10:03 1ZKAGJ-000119-DO => info <[email protected]> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=967
2015-07-28 21:10:03 1ZKAGJ-000119-DO Completed

can anybody direct me to the source of the spam? or the exim.conf I need to edit?

Thanks!

 

[Duccer]

some more lines:

2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:05 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] incomplete transaction (RSET) from <[email protected]>
2015-07-28 10:52:15 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:15 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:15 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:15 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:
2015-07-28 10:52:15 H=fallback.axc.nl (ns3.uxw.nl) [159.253.5.241] F=<[email protected]> rejected RCPT <[email protected]>:

eostresworld.be = existing domain on server, user is trial and error I guess

 

[zEitEr]

Hello,

If it's incoming spam, then you might need to enable RBL and ESF.

Related: http://help.directadmin.com/item.php?id=577

 

[Duccer]

Hello,

If it's incoming spam, then you might need to enable RBL and ESF.

Related: http://help.directadmin.com/item.php?id=577

OK thanks! I'll look into it, but I am not as worried about the incoming spam as about the outgoing. Any ideas on that?