Slightly OT - Exim / Apache

Matt Kettler mkettler at EVI-INC.COM
Thu Dec 8 22:11:11 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Michele Neylon :: Blacknight Solutions wrote:
> Over the last few weeks the number of attacks on forms hosted on our servers
> has reached new levels 
> Unfortunately the user id for the mail is set to apache, which makes
> tracking down the domain / user who has the vulnerable script very awkward
> I know there are solutions for sendmail which allow you to setup some way of
> tracing it back easily, but we haven't found any such solution for exim... 
> (we may be looking in the wrong places!)
> If anybody has any such solution I would really appreciate them sharing a
> link 

I don't know of any way to help you back-track, but I can suggest a way to
possibly forward-track. Have you tried using nessus in safe mode against the

In safe mode it's not 100% reliable, generally does a very good job of at least
giving you a list of things to check on. They have an extensive list of common
scripts with vulnerabilities.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list