How do spammers do this??

I was checking my Exim mainlog for something and then suddenly I see a lot of lines coming in like this:

Code:

2023-09-02 04:26:30 SPFCheck: Soft Fail 95.xx.xx.xx
2023-09-02 04:26:32 H=server.companyhostname.nl [95.xx.xx.xx] incomplete transaction (QUIT) from <4[email protected]> for [email protected]

There was a real load of this.
Now the odd thing. This H=server.companyhostname.nl is one of our other servers. But I didn't get any notices of spam from there.

So I quickly thought I would block the server IP, and then the mails stopped. And then I checked the exim queue on the other server, but that was empty. So my good guess is that they manage to use some php script to mail, as my other server's hostname is sending the helo.

Or would this be done in another way?

P.s. Since it's night, I checked the php-mail.log files >0kb and there were only 4. With only 2 or 3 messages, so it looks as if it's not php scripts.
And lsof -i:25 does not show any other mailserver running either.
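
A log-triage sketch for the lines quoted above, added here as an example and not part of the original post. It relies on Exim's mainlog convention that a bare name after `H=` is the host name Exim confirmed by DNS lookup of the connecting IP, while a name in parentheses is only what the client sent in HELO/EHLO; the sample lines, hostnames and addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog style (placeholder hosts and IPs).
SAMPLE_LOG = """\
2023-09-02 04:26:32 H=server.example.nl [192.0.2.10] incomplete transaction (QUIT) from <a@example.org> for b@example.net
2023-09-02 04:26:33 H=(server.example.nl) [198.51.100.7] incomplete transaction (QUIT) from <a@example.org> for c@example.net
2023-09-02 04:26:34 H=mail.example.com (server.example.nl) [203.0.113.5] incomplete transaction (RSET) from <a@example.org> for d@example.net
2023-09-02 04:26:35 H=server.example.nl [192.0.2.10] incomplete transaction (QUIT) from <a@example.org> for e@example.net
"""

# H=<verified name> (<HELO name>) [<ip>]; both names are optional.
HOST_RE = re.compile(
    r"H=(?:(?P<verified>[^\s(\[]+)\s+)?"
    r"(?:\((?P<helo>[^)]*)\)\s+)?"
    r"\[(?P<ip>[^\]]+)\]"
)


def classify(line):
    """Return (ip, name_source, name) for one log line, or None if no H= field."""
    m = HOST_RE.search(line)
    if not m:
        return None
    if m["verified"]:
        # Name came from Exim's own DNS check of the connecting IP.
        return (m["ip"], "rdns-verified", m["verified"])
    if m["helo"]:
        # Name is only what the client claimed; anyone can send any HELO.
        return (m["ip"], "helo-only", m["helo"])
    return (m["ip"], "no-name", "")


def summarize(log_text):
    """Count 'incomplete transaction' events per (ip, name_source, name)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "incomplete transaction" not in line:
            continue
        key = classify(line)
        if key:
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (ip, source, name), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {ip:15s}  {source:13s}  {name}")
```

Run against a real mainlog, rows marked `helo-only` show a name the client merely claimed, while `rdns-verified` rows mean the connection came from an IP whose DNS records resolve to that name.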

DirectAdmin Forums...