It appears I have someone exploiting a form on a clients website. The problem is the site is massive and they have multiple forms. The email also appears to be valid as email is being sent to it. I can get the message id numbers but since they are delivered I can't view them because nothing is stored in /var/spool/exim/msglog or /var/spool/exim/input.
What I want to do is if mail is being _sent_ to that address I want it deferred in some way or even aliased over so I can see what form or forms are being exploited. Anyone know if this is possible? TIA -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
