Results 1 to 2 of 2
  1. #1
    Join Date
    Nov 2000
    Location
    localhost
    Posts
    3,771

    Forged From: Header in Exim - Urgent Help!

    I have someone sending SPAM from one our servers. The user id is nobody/mail which isn't much help could any one of our users. The message doesnt link to any of our hosted sites and the From: header has been forged.

    Nightmate. Having a lot of trouble tracking this. In the meantime I want Exim to check outgoing mail to ensure that the From: header is in /etc/localdomains. It seems that it is not doing this.

    Any suggestions?
    MattF - Since the start..

  2. #2
    Join Date
    May 2002
    Location
    UK
    Posts
    1,622

    Re: Forged From: Header in Exim - Urgent Help!

    Originally posted by MattF
    I have someone sending SPAM from one our servers. The user id is nobody/mail which isn't much help could any one of our users. The message doesnt link to any of our hosted sites and the From: header has been forged.
    Ahh... nightmare! When I've encountered this I use grep to search php (and maybe others such as txt) files on a common phrase or header in the emails. Can take some time but can also work.

    Originally posted by MattF
    In the meantime I want Exim to check outgoing mail to ensure that the From: header is in /etc/localdomains. It seems that it is not doing this.
    As far as I know, cPanel's Exim doesn't do this but I'd be interested in how to acheive it too. I'm not too hot with hacking up the exim.conf but plan on doing some research into this.
    Last edited by Jim_UK; 03-18-2004 at 10:47 AM.
    Chief brew-maker at several hosting brands since 2002.

    FLXI | UK based, cPanel/WHM reseller hosting
    Pay-as-you-go billing, why pay for what you don't use?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •