if multiple exim connections are the problem you should turn on extended logging:
To find the spammer:
edit /etc/exim.conf
and under: hostlist auth_relay_hosts = *
add the following:
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
Then tail the log file.. I like to use: tail -f /var/log/exim_mainlog |grep /home/ so that i can see a simplified list of where the spams are coming from.
When you have located the username/folder that is sending the email, please suspend the account.
then, /root/mailq to clear out the queue.
then restart exim AND httpd AND mysql
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment