<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Soumplis&#039; Personal Web Site &#187; Mail</title>
	<atom:link href="http://www.soumplis.com/category/linux/mail/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.soumplis.com</link>
	<description>Soumplis Alexandros Personal Web Site</description>
	<lastBuildDate>Mon, 16 Jan 2012 23:16:03 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>Spammer Nightmare</title>
		<link>http://www.soumplis.com/2010/02/03/spammer-nightmare/</link>
		<comments>http://www.soumplis.com/2010/02/03/spammer-nightmare/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 14:59:38 +0000</pubDate>
		<dc:creator>asou</dc:creator>
				<category><![CDATA[Linux]]></category>
		<category><![CDATA[Mail]]></category>
		<category><![CDATA[exim]]></category>
		<category><![CDATA[iptables]]></category>
		<category><![CDATA[smtp]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.soumplis.com/?p=21</guid>
		<description><![CDATA[Well, today I had a tough fight against a spammer on one of my servers. I had a very hard time tracking down the originator of the spam, as it was a shared hosting server and the spammer had gained, among other things, FTP access to the exploited account. Thus it was easy to [...]]]></description>
			<content:encoded><![CDATA[<p>Well, today I had a tough fight against a spammer on one of my servers. I had a very hard time tracking down the originator of the spam, as it was a shared hosting server and the spammer had gained, among other things, FTP access to the exploited account. Thus it was easy to hide the spam-sending code within a legitimate and ordinary-looking PHP script which implemented its own SMTP engine. This way there were no entries in my Exim SMTP server log files, and I had to examine the Apache log files for every single hosting account on the server.</p>
<p>It has been a good lesson for me, and my next move was to prevent anyone besides root and Exim from connecting to remote MTAs to send mail. Thanks to Linux iptables this was feasible and quite easy, with a rule similar to this:</p>
<blockquote><p>/sbin/iptables -I OUTPUT --protocol tcp --dport 25 -m owner --gid-owner 47 -j ACCEPT</p></blockquote>
<p>The next step was to clean my Exim queues of bounce-backs and various junk caused by the thousands of e-mails sent out to the Internet. As always, I had to dig through my notes to find the appropriate commands, so I decided to post them on my fellow site, <a href="http://www.howto.gr/wp/2010/02/fighting-with-exim-queues/" target="_blank">here</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.soumplis.com/2010/02/03/spammer-nightmare/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

