spam emails from domains on my server
So I noticed that my server seemed to get unreliable recently, at which point I noticed that my exim queue was hundreds of thousands of messages long. I had recently tried to set up email on one of my domains but my server IP was blacklisted. Now I understand why!
It seems that even after disabling email for the offending domains in Vesta, the domains are still able to send email with exim?
So, I have several questions -
1. How might they be getting access?
2. How can I stop them?
3. Why is the queue still rising even when exim is disabled in Vesta?
4. How can I tell where the intrusion is initiating from and block it?
Any help much appreciated. Cheers!
Re: spam emails from domains on my server
Use mailq to see your log queue.
exim -Mvh <message-id-from-queue>    # headers
exim -Mvb <message-id-from-queue>    # message body
Search for the PHP script which sends all this spam mail.
It seems to be from a PHP shell.
You can use maldet to search for this PHP shell - https://www.rfxn.com/projects/linux-malware-detect/
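An added example, not part of the thread: a sketch of the header triage the reply describes, grouping `exim -Mvh` dumps by where each message entered the queue. It goes beyond the reply's PHP case to also separate authenticated-SMTP and other submissions. The sample dumps are constructed, their layout is modelled on Exim's spool header file, and the `X-PHP-Originating-Script` header is assumed to be present (PHP adds it only when `mail.add_x_header` is on).

```python
import re
from collections import Counter

# Constructed samples of `exim -Mvh <id>` output (layout modelled on Exim's
# spool -H file); message IDs, hosts and addresses are made up.
SAMPLES = [
    "1aaaaa-000001-AA-H\nwww-data 33 33\n<www-data@host.example>\n"
    "1700000000 0\n-ident www-data\n-received_protocol local\nXX\n1\n"
    "a@example.net\n\n037  X-PHP-Originating-Script: 33:gate.php\n"
    "021  Subject: constructed\n",
    "1bbbbb-000002-BB-H\nwww-data 33 33\n<www-data@host.example>\n"
    "1700000100 0\n-ident www-data\n-received_protocol local\nXX\n1\n"
    "b@example.net\n\n037  X-PHP-Originating-Script: 33:gate.php\n"
    "021  Subject: constructed\n",
    "1ccccc-000003-CC-H\nDebian-exim 105 108\n<info@site.example>\n"
    "1700000200 0\n-host_address 203.0.113.9.40112\n"
    "-received_protocol esmtpa\n-auth_id info@site.example\nXX\n1\n"
    "c@example.net\n\n021  Subject: constructed\n",
]

# Envelope options that say how the message was submitted.
OPTION = re.compile(
    r"^-(ident|auth_id|received_protocol|host_address) (.+)$", re.M)
# Header written by PHP mail(): "<uid>:<script file name>".
PHP_SCRIPT = re.compile(r"X-PHP-Originating-Script:\s*(\d+):(\S+)", re.I)

def origin_of(dump):
    """Classify one header dump as a (kind, detail) pair."""
    opts = dict(OPTION.findall(dump))
    php = PHP_SCRIPT.search(dump)
    if php:  # sent through PHP mail(): uid and script name to hunt for
        return ("php-script", f"uid {php.group(1)} {php.group(2)}")
    if "auth_id" in opts:  # authenticated SMTP: a mailbox password was used
        return ("smtp-auth", opts["auth_id"])
    if opts.get("received_protocol") == "local":  # local, no PHP header
        return ("local-user", opts.get("ident", "unknown"))
    return ("remote-host", opts.get("host_address", "unknown"))

def tally(dumps):
    """Count queued messages per origin, most frequent first."""
    return Counter(origin_of(d) for d in dumps).most_common()

if __name__ == "__main__":
    for (kind, detail), count in tally(SAMPLES):
        print(f"{count:6d}  {kind:12s} {detail}")
```

On a live server the dumps would come from running `exim -Mvh` on message IDs listed by `mailq`; the header carries only the script's file name, so the file still has to be located on disk (for example with a maldet scan of that user's web root).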