Serious Exim Problem - Spam / Virus ????
I've had a serious problem with a spammer or virus or something on my server for the last 24 hours. Exim is going crazy every now an then - especially each time I restart exim - there are a heap of exim processes which start runing, the Mail Queue is full of thousands of emails - all spam. The weird thing is I have MailMon setup also and MailMon Log says its the "root" user sending out these emails!!!!!!! So I have dope the following
1) I have run both chkrootkit and rkhunter rootkits - both from old installation and I also re-installed both from latest downloads - no rootkits found by either.
2) I have run clamscan on the whole server - it didn't come up with anything significant - anything it did come up with I killed already.
3) All the spam email have domains as follows:
fallenmail.com
definitivemail.com
theevilgoat.com
vinespace.com
Can someone tell me how can I get exim to simply block any emails with these domains (From field) from being sent by server.
Or does anyone have any handy tips for tracking this spamming down?
Thanks
