Question
www-data sending spam mail hot to stop this?
www-data@domain name U=www-data P=local S=2299
2015-07-08 16:34:28 1ZCn9Q-0003u1-SL crammd5 authenticator failed H=smtp-********* [...] Error: authentication failed: authentication failure
2015-07-08 16:34:29 1ZCn9Q-0003u1-SL => alberto53141@outlook.com Alberto53141@outlook.com R=smarthost T=remotesmtpsmarthost H=smtp.....auth.iitb.ac.in [10.200.1.125] X=TLS1.0:RSAAES256CBC_SHA1:32 DN=“serialNumber=ds1qY45ldiSbrKEu29LdIyx57hEV0mpa,C=IN,ST=———-,L=——–i,O=—————–,OU=——————————–,CN=*.domain name”
2015-07-08 16:34:29 1ZCn9Q-0003u1-SL Completed
repeatadely going mails to different idies plz help i am newbie to exim. and linux also
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
One of your scripts on your website has been compromised.
let’s find the culprit. If you started getting this a day ago:
This will find all files modified in the last day
Change the “-1” to the number of days this has been going on
Also, try this:
This won’t catch them all, and there will be false positives, but it’s a place to start.
Also, stop postfix until you resolve this issue.
thanks JonsJava but in my exim4 logs, i m having logs from 29- jun 2015 to till today.
and in this logs showing all the activity above. i will try the above steps
JonsJava any clue ?????