On Tue, Jun 16, 2015 at 07:21:39PM -0700, Jithesh AP wrote:
> >This was created locally via the "sendmail" command. What user
> >account has "uid" 5005? If this is www-data or similar, you likely
> >have an insecure PHP script that is being exploited to send spam.
> >
> >Just look for any other log-entries with the same message-id:
> >
> > kflvqedfdosxjjhkebewy...@sfilc.com
> >
> >but also do quickly run "getent passwd 5005" and report the results.
>
> spamfilter:x:5005:5005::/usr/local/spamassassin:/bin/false
So you're injecting mail for filtering via this filter, now we need
to know where those are coming from. Which is the message-id search
is critical.
Also post your master.cf file.
--
Viktor.
