cibonato Apprentice
Joined: 25 Apr 2006 Posts: 200 Location: Macross City
Posted: Thu Nov 16, 2006 2:14 pm Post subject: Exim and Spam.
Ladies and gentlemen... I'm starting at a new job and the very first thing I must do is stop the spam the mail server (Exim 3.35) is relaying. I've checked Exim's configuration and tested the server with http://abuse.net/relay.html; it does not seem to be an open relay server, and just the mail related to the local domain is permitted to be relayed. However, it's possible to see in the logs e-mail coming from outside the local domain and being relayed to another domain different from mine.
My point of view: some computer inside the domain is sending spam through the mail server. I mean, somehow this infected (hacked) machine is changing the mail headers and sending it to the server in a way the server thinks it is valid mail.
The local domain belongs to a university's institute and there are already colleague institutes (from the same university) filtering our mail (the legal one).
So... any hints on how to find this or these infected machine(s)? It (they) could be Linux or Windows computers. I've run rkhunter and chkroot on the server and everything went fine, I mean, no warnings about vulnerabilities.
Thank you!!!
_________________ 64 Bits, good good!
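Added example, not part of the original post: one way to narrow down the sending machine is to join each message's arrival line to its delivery lines in the Exim main log and count, per internal source IP, deliveries where neither sender nor recipient is in the local domain. The log layout (`<=` arrival with `H=host [ip]`, `=>`/`->` delivery), the domain `inst.example`, the network `192.0.2.0/24` and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

LOCAL_DOMAINS = {"inst.example"}                     # assumption: placeholder local domain
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: placeholder internal LAN

# Assumed main-log layout: "<date> <time> <msg-id> <= sender H=host [ip] ..."
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+) .*?H=.*?\[([0-9a-fA-F.:]+)\]")
# Delivery lines: "=> addr ..." or "=> local <addr> ..."; "->" is an extra recipient
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (\S+)(?: <([^>]+)>)?")

# Constructed sample log (not real data)
SAMPLE_LOG = """\
2006-11-16 14:02:11 1GkA01-0001ab-00 <= alice@inst.example H=pc03.inst.example [192.0.2.3] P=smtp S=1841
2006-11-16 14:02:12 1GkA01-0001ab-00 => bob@other.example R=lookuphost T=remote_smtp H=mx.other.example [198.51.100.7]
2006-11-16 14:03:40 1GkA02-0001ac-00 <= promo@bulk.example H=pc17.inst.example [192.0.2.17] P=smtp S=5120
2006-11-16 14:03:41 1GkA02-0001ac-00 => x1@victim.example R=lookuphost T=remote_smtp H=mx.victim.example [203.0.113.9]
2006-11-16 14:03:41 1GkA02-0001ac-00 -> x2@victim.example R=lookuphost T=remote_smtp H=mx.victim.example [203.0.113.9]
2006-11-16 14:05:02 1GkA03-0001ad-00 <= carol@far.example H=mail.far.example [198.51.100.20] P=esmtp S=990
2006-11-16 14:05:03 1GkA03-0001ad-00 => dave <dave@inst.example> D=localuser T=local_delivery
""".splitlines()

def is_local(addr):
    # Unqualified addresses and the bounce sender "<>" are treated as local
    return "@" not in addr or addr.rsplit("@", 1)[1].lower() in LOCAL_DOMAINS

def suspicious_relays(lines):
    """Per internal source IP, count deliveries with non-local sender AND non-local recipient."""
    arrivals, hits = {}, Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            msg_id, sender, ip = m.groups()
            arrivals[msg_id] = (sender, ipaddress.ip_address(ip))
            continue
        m = DELIVERY.match(line)
        if not m or m.group(1) not in arrivals:
            continue
        sender, ip = arrivals[m.group(1)]
        rcpt = m.group(3) or m.group(2)
        internal = any(ip in net for net in LOCAL_NETS)
        if internal and not is_local(sender) and not is_local(rcpt):
            hits[str(ip)] += 1
    return hits

if __name__ == "__main__":
    for ip, n in suspicious_relays(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} foreign-sender deliveries to foreign recipients")
```
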