Channel: linuxadmin: Expanding Linux SysAdmin knowledge

sendmail sending spam


Hi!

I need some advice regarding a problem I discovered today. I work mostly with Windows servers, but I am also semi-responsible for our one and only WordPress server, running on Ubuntu. The server is set up with multiple vhosts; some of the sites use SMTP plugins for sending and some use the sendmail application, which relays to a Microsoft Exchange server. Something is now causing this server to send spam. Here is a short extract from the mail.log:

Aug 16 19:55:17 localhost sm-mta[12882]: STARTTLS=client, relay=[192.168.1.10], version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-MD5, bits=128/128

Aug 16 19:55:17 localhost sm-mta[12872]: t7GHtHhO012870: to=nb014t3030@blueyonder.co.uk, ctladdr=www-data@localhost.localdomain (33/33), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=125809, relay=[192.168.1.10] [192.168.1.10], dsn=2.0.0, stat=Sent (201508161755.t7GHtHJZ012869@localhost.localdomain Queued mail for delivery)

Aug 16 19:55:17 localhost sm-mta[12877]: t7GHtHIa012875: to=stylo57@hotmail.com, ctladdr=www-data@localhost.localdomain (33/33), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=125801, relay=[192.168.1.10] [192.168.1.10], dsn=2.0.0, stat=Sent (201508161755.t7GHtHoQ012874@localhost.localdomain Queued mail for delivery)

Aug 16 19:55:17 localhost sm-mta[12882]: t7GHtHpW012880: to=betty.robertson2@btinternet.com, ctladdr=www-data@localhost.localdomain (33/33), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=125813, relay=[192.168.1.10] [192.168.1.10], dsn=2.0.0, stat=Sent (201508161755.t7GHtHiY012879@localhost.localdomain Queued mail for delivery)

Aug 16 19:55:17 localhost sm-mta[12885]: t7GHtH5G012885: from=www-data@localhost.localdomain, size=5808, class=0, nrcpts=1, msgid=201508161755.t7GHtHfH012884@localhost.localdomain, proto=ESMTP, daemon=MTA-v4, relay=localhost.localdomain [127.0.0.1]

Aug 16 19:55:17 localhost sendmail[12884]: t7GHtHfH012884: to=d.jackson11@btinternet.com, ctladdr=www-data (33/33), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=35569, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t7GHtH5G012885 Message accepted for delivery)

Aug 16 19:55:17 localhost sendmail[12889]: t7GHtHwe012889: from=www-data, size=5560, class=0, nrcpts=1, msgid=201508161755.t7GHtHwe012889@localhost.localdomain, relay=www-data@localhost

Aug 16 19:55:17 localhost sm-mta[12887]: STARTTLS=client, relay=[192.168.1.10], version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-MD5, bits=128/128

I cannot see in the log who or what is triggering the spams, and now I need some help :/.

192.168.1.10 is the internal Exchange-server.

submitted by j246mag
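
Added example, not part of the original post: a Python script that tallies the `ctladdr` field (the local account and uid that sendmail logs for each delivery) per minute, to show which local user is handing mail to sendmail. The sample log lines are constructed, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the sendmail log format of the extract above
# (addresses and queue IDs are made up).
SAMPLE_LOG = """\
Aug 16 19:40:01 localhost sendmail[90]: t7GHe1aa000090: to=root, ctladdr=root (0/0), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t7GHe1ab000091 Message accepted for delivery)
Aug 16 19:55:17 localhost sendmail[101]: t7GHtHaa000101: from=www-data, size=5560, class=0, nrcpts=1, msgid=<1@localhost.localdomain>, relay=www-data@localhost
Aug 16 19:55:17 localhost sendmail[101]: t7GHtHaa000101: to=a@example.com, ctladdr=www-data (33/33), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t7GHtHab000102 Message accepted for delivery)
Aug 16 19:55:17 localhost sm-mta[103]: STARTTLS=client, relay=[192.168.1.10], version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-MD5, bits=128/128
Aug 16 19:55:17 localhost sm-mta[103]: t7GHtHab000102: to=a@example.com, ctladdr=www-data@localhost.localdomain (33/33), delay=00:00:00, mailer=relay, relay=[192.168.1.10] [192.168.1.10], dsn=2.0.0, stat=Sent (Queued mail for delivery)
Aug 16 19:55:18 localhost sendmail[104]: t7GHtIaa000104: to=b@example.com, ctladdr=www-data (33/33), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t7GHtIab000105 Message accepted for delivery)
Aug 16 19:55:19 localhost sendmail[106]: t7GHtJaa000106: to=c@example.com, ctladdr=www-data (33/33), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t7GHtJab000107 Message accepted for delivery)
"""

# Matches delivery ("to=") lines only; "from=" and STARTTLS lines do not match.
ENTRY = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ (?P<prog>[\w-]+)\[\d+\]: "
    r"(?P<qid>\w+): to=(?P<rcpt>[^,]+), ctladdr=(?P<user>[^@\s,]+)\S* \((?P<uid>\d+)/\d+\)"
)

def deliveries_by_submitter(log_text, prog="sendmail"):
    """Count recipients per (user, uid, minute) for one logging program.

    As in the extract, a message is logged once by `sendmail` (local
    submission) and again by `sm-mta` (relay to the next hop), so only one
    program's lines are counted to avoid double counting.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and m["prog"] == prog:
            counts[(m["user"], int(m["uid"]), m["minute"])] += 1
    return counts

def bursts(log_text, threshold=3):
    """Return (user, uid, minute, count) rows at or above the per-minute threshold."""
    rows = deliveries_by_submitter(log_text).items()
    return sorted((u, uid, minute, n) for (u, uid, minute), n in rows if n >= threshold)

if __name__ == "__main__":
    for user, uid, minute, n in bursts(SAMPLE_LOG):
        print(f"{minute}  uid={uid} ({user}): {n} recipients submitted locally")
```

In the extract above, every delivery line carries `ctladdr=www-data (33/33)`, so the same tally would attribute the burst to the account the web server runs as on Ubuntu.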