Hello.
You're assuming that port 25 needs to be open on the local side to send
mail. This is not the case. There are two possibilities here.

1. A dirty IP was assigned to your server, and the previous owner
had a spam issue.
2. It's a PHP exploit that spawns a Perl script to send outbound mail.

You don't need port 25 open to send mail; that's only for receiving mail.
As long as you can connect outbound on port 25, mail can be sent. Most
RBLs are dumb, and they don't record the port, only the IP of the
sending host. So, it's quite possible to have SMTP listening on port 25,
for receiving mail, and also have an exploit running, sending mail.

I work in the hosting industry and I have seen many cases where
customers have an exploited WordPress that is being used to spam
e-mails, while also having a 'valid' SMTP server running.

Stefan Caunter wrote:
On FreeBSD you still need to install postfix from a port. The port install will allow you to switch the MTA preference but you still need to configure an rc entry. Once that is done and postfix starts it will grab the relevant TCP/IP ports. Note that scripts can generally access localhost port 25; any MTA will relay faithfully for a local client.
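
One way to check a host for the situation discussed in this thread, as an added example that is not part of either poster's message: filter FreeBSD `sockstat -4 -c` output for TCP connections to remote port 25 that are not owned by the MTA's account. The function names, the `MTA_USERS` default and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SMTP client connections not owned by the MTA.
# Input format (FreeBSD `sockstat -4 -c`):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# MTA_USERS is an assumption: list the accounts your MTA really runs as.
MTA_USERS="${MTA_USERS:-postfix}"

find_rogue_smtp() {
    awk -v allowed="$MTA_USERS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }   # skip the header row
        $5 !~ /^tcp/ { next }              # TCP sockets only (tcp4, tcp6)
        {
            # The remote port is whatever follows the last ":" in the
            # foreign address; "*:*" (a listener) yields "*", not 25.
            port = $7
            sub(/^.*:/, "", port)
            if (port == "25" && !($1 in ok))
                printf "%s %s %s %s\n", $1, $2, $3, $7
        }
    '
}

# Constructed sample, not a real capture: a listening master, a normal
# Postfix delivery, a script talking straight to a remote MX, ordinary
# web traffic, and a script handing mail to the local MTA.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     master     800   13 tcp4   *:25                  *:*
postfix  smtp       812   12 tcp4   192.0.2.10:40022      203.0.113.5:25
www      perl       4312  3  tcp4   192.0.2.10:51234      198.51.100.7:25
www      httpd      977   9  tcp4   192.0.2.10:80         198.51.100.9:52525
www      php        4400  5  tcp4   127.0.0.1:60111       127.0.0.1:25
EOF
}

# On a live FreeBSD host: sockstat -4 -c | find_rogue_smtp
sample_sockstat | find_rogue_smtp
```

Connections are short-lived, so run this repeatedly or from cron. Hits on `127.0.0.1:25` are scripts relaying through the local MTA, which also leaves entries in the MTA's own log.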