Hi Drav, Thank you for your answer. My web server and email server are the same.
I don't know what to look for in the web logs. I just looked in the acces_log and find one GET on awstats cgi that doesn't seems abnormal. Could you help me ? Regards Paul. Drav Sloan a écrit : > Paul LUNETTA wrote: > >> Hi, >> >> I am pretty sure that i have a breach in my security. >> I doubled the capacity of SMTP accepted >> >> smtp_accept_max = 100 (instead of 50) >> smtp_accept_max_per_host = 50 (instead of 25) >> >> and it has been fullfilled while there was only 2 internal users connected ! >> >> I made some "open relay" tests. All say "ok" >> How can I really test my security and/or trace these spammers ? >> >> Thank you if you can help and sorry for my poor english. >> > > I note that in the original post (tho obfusicated), that a web > server was involved. Is there a rogue cgi which is being used > to submit mail perchance? You could check your web logs to > confirm. > > Regards > > D. > -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
