exim like open relay problem

[classic2009]

hi,

i have cpanel with exim as mail server
i checked if it is open relay and it is not
i disable user nobody to send mails (php and cgi)
but i have spammers in my server, don't know how
they send mails from my server, when i check the
cpanel mail queue i saw that thay send mails from
domains doesn't exists in my server,so i telnet to
myserver

telnet localhost 25

helo localhost

mail from:[email protected]

rcpt to:[email protected]
accepted

data
test
.

quit

and it send the mail,so localhost can send any emails he wants
([email protected]) is not localdomain!!!!

so how i disable localhost from sending mails except if
the sender is a real user @ my real local domain

please help me, my server now in blocked, because it send more and
more spams.

thanks.

 

[madaboutlinux]

Abuse - ********** - SPAM - IMMEDIATE ACTION REQUIRED - 6536964 - Post Count 12 - Web Hosting Talk

should help you out. You can also add your own rules to that list and apply as suggested.

 

[classic2009]

thanks

but i want too that localhost cant send emails with fake sender from
my server like i did with telnet command.

 

[classic2009]

please need help

 

[classic2009]

hi,

my issue i am new to exim and cpanel
i just prefare sendmail with my manual configuration .

so i run netstat -panel | grep :25

and i saw perl (x.pl) scripts run on port 25

so i did ps -ef | grep x.pl

and saw the user how run the scripts and suspend his account

and closed port 25 from remote connection too by iptables .

till now tho spammer stopped, so my be it solved .

thanks

 

[madaboutlinux]

Emails won't work if you close down port 25. The remote mail servers won't be able to connect to your mail server and emails won't come in so remove port 25 from iptables.

 

[classic2009]

hi,

yes i know, i am disable only for some time, just to watch the log
for my server when relay, and i opened today.

thanks for your support.