Is someone spamming through me?

[Jody Cleveland]

Hello,

> I have had this experience many times..... and it was always the same 
> answer. An exploitable  PHP script allows a bad person to 
> spam via your server, the return address is your servers web user
probably 
> and that is probably aliased to you..... so you get all the
bounces....

I have it setup that I get server messages, so that's why I get those.
Now, is this most likely a webform I have on that server that people are
using? Is there a way to test those forms?

> Its hard to fin these scripts... this is why in MS i make sure that i 
> scan all outgoing mail too, especially from root or the web user...

That sounds like a good idea. What do I need to do to my existing setup
to get MS to scan outgoing mail? As far as this problem, what will that
do to help me? Does it prevent messages like that from going out?

> If you do a mailq, who are the emails from? nobody, www-data, 
> apache? if so then its is a bad script of sorts that allows "\n or \r"

> in the input variables....

Unfortunately, there aren't any there right now. But, yesterday I
cleared out the que and looked at the headers. They all said they were
coming from a hotmail address.

- jody