[BlueOnyx:01520] Re: Slammed with Spammer
Ken Marcus - Precision Web Hosting, Inc.
kenmarcus at precisionweb.net
Sat Jun 27 23:58:55 -05 2009
----- Original Message -----
From: "Steve Davis" <steve at zio.com>
To: <blueonyx at blueonyx.it>
Sent: Saturday, June 27, 2009 10:04 AM
Subject: [BlueOnyx:01513] Slammed with Spammer
> Having an issue with an old enemy on a new BO box.
>
> net.tw,
> gov.tw
> org.tw
> net.tw
> com.tw
>
> take your pick.
>
> Somehow, they must know one of the emails userid and password on the
> box and are sending 4000 - 5000 spams per hour into my mail queue.
>
> I have turned off PopBeforeSMTP, so probably not sending email out.
> Probably.
>
> How do I tell which account is being used to connect?
>
> Any other suggestion of course is always appreciated.
>
> Steve
>
>
>
Look carefully at one of the spam mail files in /var/spool/mqueue.
You will either see the username or at least the IP.
If you know the IP, then just check the mail log for a login with that IP.
E.g., if the IP was 123.456.789.10, then:
cat /var/log/maillog | grep ogin | grep 123.456.789.10
----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net
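
An added example, not part of the original thread: it takes the grep from the reply one step further by matching the IP exactly (in a plain grep the dots are regex wildcards and a shorter IP matches as a prefix of a longer one) and tallying successful logins per account. The function names `logins_for_ip` and `sample_log`, the sample lines, and the dovecot-style `Login:` / `user=<name>` / `rip=<ip>` layout are assumptions; adjust them to what your maillog actually contains.

```shell
#!/bin/sh
# Added example: which accounts logged in successfully from one IP?
# Assumption: successful logins contain " Login: " and carry the fields
# "user=<name>" and "rip=<remote ip>"; change these for your log format.

# logins_for_ip LOGFILE IP -> prints "count user", busiest account first.
# Pass "-" as LOGFILE to read the log from standard input.
logins_for_ip() {
    awk -v ip="$2" '
        $0 !~ / Login: / { next }          # skip failed/aborted attempts
        {
            user = ""; rip = ""
            n = split($0, f, /[ ,]+/)
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^rip=/)  rip = substr(f[i], 5)
                if (f[i] ~ /^user=/) {
                    user = substr(f[i], 6)
                    gsub(/[<>]/, "", user)
                }
            }
            # Exact string comparison: 203.0.113.1 must not match
            # 203.0.113.10 or 203.0.113.101.
            if (rip == ip && user != "") count[user]++
        }
        END { for (u in count) print count[u], u }
    ' "$1" | sort -rn
}

# Constructed sample log lines (documentation IP ranges, made-up users).
sample_log() {
    cat <<'EOF'
Jun 27 09:58:01 host dovecot: pop3-login: Login: user=<steve>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.5
Jun 27 09:58:07 host dovecot: pop3-login: Login: user=<info>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.5
Jun 27 09:58:09 host dovecot: pop3-login: Login: user=<info>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.5
Jun 27 09:59:30 host dovecot: imap-login: Login: user=<anna>, method=PLAIN, rip=203.0.113.101, lip=192.0.2.5
Jun 27 10:00:02 host dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<test>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.5
EOF
}

# Demo on the constructed sample; on a real box: logins_for_ip /var/log/maillog <ip>
sample_log | logins_for_ip - 203.0.113.10
```

An account with many successful logins from the spam source IP is the one whose password should be changed first.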