I'll start off by assigning myself the biggest "blame token", since we're running version 3.7 (which is really old). We're in the process of converting, however....
Got a trouble ticket today that we've been reported as a spammer; here's a trace of the email:
Quote:
[ Offending message ]
Return-Path: www-data@mouseowners.com
Received: from pierre.telenet-ops.be (LHLO pierre.telenet-ops.be)
(195.130.132.34) by zcsnocm14.telenet-ops.be with LMTP; Thu, 2 Aug 2012
20:13:20 +0200 (CEST)
Received: from mouseowners.com ([173.255.231.65])
by pierre.telenet-ops.be with bizsmtp
id huDK1j02n1RK5Mp01uDLhq; Thu, 02 Aug 2012 20:13:20 +0200
Delivered-To: x
Received: by mouseowners.com (Postfix, from userid 33)
id 5467E1CCF6; Thu, 2 Aug 2012 13:13:19 -0500 (CDT)
To: x
Subject: Kn0w How T0 Build Y0ur 0wn Free-ELECTRIC.ITY
X-PHP-Originating-Script: 1000:class_mail.php
From: "The DVC Boards at MouseOwners.com - the place to talk DVC and Walt Disney World" <webmaster@mouseowners.com>
Auto-Submitted: auto-generated
Message-ID: <2012___________________a8ae@mouseowners.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Thu, 2 Aug 2012 13:13:19 -0500 (CDT)
That's clearly from my machine, and it's even in the postfix logs, so (thankfully, I guess) whatever is living on my machine isn't just going out to remote port 25s directly.
Has anyone ever seen this before, and know what script I might want to look for? I'm going off next to diff my public_html directory against a known-working snapshot I have to see if anything changed.
Failing that, is it just best to "nuke it from orbit", scrub the machine, and reload my database?
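As an added example (not part of the original post), the two headers in the trace that attribute the message can be pulled out of queued or archived mail in bulk: Postfix's `from userid N` names the local account that submitted it, and `X-PHP-Originating-Script`, which PHP writes when `mail.add_x_header` is enabled, names the owning UID and file of the script that called `mail()`. The sample messages are constructed from the trace above, and the function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample: two messages modelled on the trace in the post
# (recipient, subjects and the second queue id are placeholders).
SAMPLE_MESSAGES = [
    "Received: by mouseowners.com (Postfix, from userid 33)\n"
    "\tid 5467E1CCF6; Thu, 2 Aug 2012 13:13:19 -0500 (CDT)\n"
    "To: x\n"
    "Subject: sample one\n"
    "X-PHP-Originating-Script: 1000:class_mail.php\n"
    "X-Mailer: vBulletin Mail via PHP\n"
    "\n"
    "body\n",
    "Received: by mouseowners.com (Postfix, from userid 33)\n"
    "\tid QUEUEID2; Thu, 2 Aug 2012 13:14:02 -0500 (CDT)\n"
    "To: x\n"
    "Subject: sample two\n"
    "\n"
    "body\n",
]

USERID_RE = re.compile(r"\(Postfix, from userid (\d+)\)")

def attribute(raw):
    """Return (submitting_uid, script_owner_uid, script_name) for one message."""
    msg = message_from_string(raw)  # also unfolds continuation lines
    submit_uid = None
    for received in msg.get_all("Received", []):
        m = USERID_RE.search(received)
        if m:
            submit_uid = int(m.group(1))
    owner_uid, script = None, None
    # Header value format: "<script owner uid>:<script file name>"
    origin = msg.get("X-PHP-Originating-Script")
    if origin and ":" in origin:
        owner, script = origin.strip().split(":", 1)
        owner_uid = int(owner) if owner.isdigit() else None
    return submit_uid, owner_uid, script

def tally(messages):
    """Count messages per (submitting uid, originating script)."""
    return Counter((a[0], a[2]) for a in map(attribute, messages))

if __name__ == "__main__":
    for (uid, script), n in tally(SAMPLE_MESSAGES).items():
        print(f"uid={uid} script={script or 'no PHP header'} count={n}")
```

Messages submitted by the web server's UID that carry no `X-PHP-Originating-Script` header did not pass through PHP's `mail()` with that setting on, so they point at a different sending path than the forum's own mailer.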