<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Steffan.<br>
      <br>
      On 7/6/2012 4:50 PM, Steffan wrote:<br>
    </div>
    <blockquote cite="mid:002a01cd5b43$9955dcd0$cc019670$@nl"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"
            lang="EN-US">Webmail is almost empty so that is not the
            problem.</span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"
            lang="EN-US">Is it possible to hack into a site with httpd,
            then use your own script to send out email without
            logging it to maillog?</span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"
            lang="EN-US">It looks like it is not a PHP
            script; that will be logged in the email log.</span></p>
      </div>
    </blockquote>
    <br>
    Try this:<br>
    <br>
    watch lsof -n -i tcp:25<br>
    <br>
    This will update your screen every 2 seconds - reporting running
    processes that are listening on port 25, or current open connections
    (both inbound and outbound) on port 25. Look for any process names
    other than the normal sendmail daemon to get an idea of what is
    happening.<br>
    <br>
    Regards,<br>
    Greg.<br>
    <br>
    <br>
    <blockquote cite="mid:002a01cd5b43$9955dcd0$cc019670$@nl"
      type="cite">
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"
            lang="EN-US">Steffan</span></p>
        <div>
          <div style="border:none;border-top:solid #B5C4DF
            1.0pt;padding:3.0pt 0cm 0cm 0cm">
            <p class="MsoNormal" style="margin-left:35.4pt"><b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">
                <a class="moz-txt-link-abbreviated" href="mailto:blueonyx-bounces@mail.blueonyx.it">blueonyx-bounces@mail.blueonyx.it</a>
                [<a class="moz-txt-link-freetext" href="mailto:blueonyx-bounces@mail.blueonyx.it">mailto:blueonyx-bounces@mail.blueonyx.it</a>] <b>On Behalf Of </b>Chuck
                Tetlow<br>
                <b>Sent:</b> Thursday, 5 July 2012 19:25<br>
                <b>To:</b> BlueOnyx General Mailing List<br>
                <b>Subject:</b> [BlueOnyx:10932] Re: server beinng
                abused</span></p>
          </div>
        </div>
        <p class="MsoNormal" style="margin-left:35.4pt">If you've got
          OpenWebMail or another webmail package - look in its logs. 
          We've had some easy passwords guessed and then the webmail was
          abused to send out crapola. <br>
          <br>
          Chuck <br>
          <br>
          <span style="font-size:10.0pt"><br>
            <br>
            <b>---------- Original Message -----------</b> <br>
            From: "Steffan" &lt;<a moz-do-not-send="true"
              href="mailto:general@ziggo.nl">general@ziggo.nl</a>&gt; <br>
            To: "'BlueOnyx General Mailing List'" &lt;<a
              moz-do-not-send="true"
              href="mailto:blueonyx@mail.blueonyx.it">blueonyx@mail.blueonyx.it</a>&gt;
            <br>
            Sent: Thu, 5 Jul 2012 19:12:06 +0200 <br>
            Subject: [BlueOnyx:10931]  server beinng abused <br>
            <br>
            > Hello, <br>
            > <br>
            > I have a server that is getting blacklisted <br>
            > Spamhaus says it is an email issue <br>
            > <br>
            > There is nothing in the logs <br>
            > Looks like someone is sending emails without the server
            logging it <br>
            > How to find this problem? <br>
            > <br>
            > Can't find any POST commands in the httpd log <br>
            > <br>
            > Server is 5106 R and has about 100 sites <br>
            > <br>
            > _______________________________________________ <br>
            > Blueonyx mailing list <br>
            > <a moz-do-not-send="true"
              href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a>
            <br>
            > <a moz-do-not-send="true"
              href="http://mail.blueonyx.it/mailman/listinfo/blueonyx"
              target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a>
            <br>
            <b>------- End of Original Message -------</b> </span><o:p></o:p></p>
      </div>
    </blockquote>
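    <br>
    The port 25 check suggested in the reply above, as an added example that is not part of the original thread: instead of watching the screen, it filters <code>lsof -n -i tcp:25</code> output down to sockets held by anything other than the mail daemon and keeps a timestamped record. The function names, the <code>ALLOWED</code> variable and the sample rows are assumptions constructed for illustration.<br>
    <br>

```shell
#!/bin/sh
# Added example (not from the thread): flag port-25 sockets not owned by the MTA.
# ALLOWED is an assumption: command names expected to hold SMTP sockets here.
ALLOWED="${ALLOWED:-sendmail}"

# Reads `lsof -n -i tcp:25` output on stdin and prints "COMMAND PID USER NAME"
# for each socket whose owning command is not listed in ALLOWED.
flag_unexpected() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = n; i > 0; i--) ok[a[i]] = 1 }
        $1 == "COMMAND" { next }                 # skip the lsof header row
        NF >= 9 && !($1 in ok) { print $1, $2, $3, $9 }
    '
}

# Constructed sample output (documentation addresses, made-up PIDs).
sample_lsof() {
    printf '%s\n' \
      'COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME' \
      'sendmail 1201   root    4u  IPv4  11873      0t0  TCP *:smtp (LISTEN)' \
      'sendmail 4410   root    6u  IPv4  90211      0t0  TCP 192.0.2.10:smtp->198.51.100.7:51544 (ESTABLISHED)' \
      'perl     7733 apache    3u  IPv4  90377      0t0  TCP 192.0.2.10:43810->203.0.113.25:smtp (ESTABLISHED)' \
      'perl     7733 apache    4u  IPv4  90378      0t0  TCP 192.0.2.10:43811->203.0.113.80:smtp (ESTABLISHED)'
}

# Live use: the same 2-second poll as `watch`, but each hit is timestamped
# so it can be redirected to a file and reviewed later.
monitor() {
    while :; do
        now=$(date '+%Y-%m-%d %H:%M:%S')
        lsof -n -i tcp:25 2>/dev/null | flag_unexpected | sed "s/^/$now /"
        sleep 2
    done
}

case "${1:-}" in
    demo)    sample_lsof | flag_unexpected ;;   # parse the constructed sample
    monitor) monitor ;;                         # poll the live system (needs root)
esac
```

    <br>
    In the sample, the two flagged rows belong to a <code>perl</code> process running as the web server user with outbound SMTP connections, which is the pattern of a web-launched script delivering mail directly and so never appearing in maillog.<br>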
    <br>
    <br>
  </body>
</html>