[BlueOnyx:05162] Re: why emaillog does not contain sender account

Chuck Tetlow chuck at tetlow.net
Wed Aug 4 00:09:07 -05 2010


Eiji,

Look in the /var/log/maillog log file.  Search for one of the TO addresses that the SPAM is going to.  Right after that send to address, there should be a field labeled "ctladdr".  This is the "control address" or the sender's address. 

If your SPAMMER is using a valid username/password to relay through your server - that "ctladdr" is the username that is being used.  It was probably compromised.  Change the password and see if it stops.

If not, the SPAMMER is using a webmail package - like OpenWebMail.  Go to /var/log and look in the log file for that webmail package (/var/log/openwebmail.log for OpenWebMail).  Again, do a search for one of the usernames that the server is sending the SPAM to.  In that same line, right behind the sender's IP address, is the username of the sender.  Again - changing that user's password will probably fix it.  If not, block that IP from your server with IPTables and you're done with him.

Chuck

---------- Original Message -----------
From: "Eiji Hamano (bluequartz)" <bluequartz at hypersys.ne.jp>
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it> 
Sent: Wed, 4 Aug 2010 13:49:33 +0900 
Subject: [BlueOnyx:05160]  why emaillog does not contain sender account

> Dear 
> 
> Someone is sending spam from my onyx server, sometimes.   
> 
> endmail[29014]: o5TEpd5D025084: to=<hunayixyay3791@*****.com.br>,...... 
> 
> But I don't know the account which sends spam.
> Why does maillog not contain the sender account?
> 
> Eiji Hamano 
> 
------- End of Original Message -------
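
The ctladdr lookup described in the reply above, as an added example that is not part of the original thread: it tallies sendmail delivery lines by their "ctladdr" field and looks up the ctladdr for one recipient. The log lines are constructed samples, and the function names, hosts and accounts are hypothetical.

```shell
#!/bin/sh
# Added example. The log lines are constructed in sendmail's maillog layout;
# hosts, queue IDs, addresses and the function names are all made up.
sample_log() {
cat <<'EOF'
Aug  4 00:01:10 www sendmail[29014]: o7401A1x029014: to=<a1@example.com.br>, ctladdr=<jdoe@www.example.net> (501/501), delay=00:00:02, mailer=esmtp, relay=mx.example.com.br., dsn=2.0.0, stat=Sent
Aug  4 00:01:11 www sendmail[29015]: o7401B2y029015: to=<a2@example.com.br>, ctladdr=<jdoe@www.example.net> (501/501), delay=00:00:01, mailer=esmtp, relay=mx.example.com.br., dsn=2.0.0, stat=Sent
Aug  4 00:02:40 www sendmail[29100]: o7402C3z029100: to=<friend@example.org>, ctladdr=<alice@www.example.net> (502/502), delay=00:00:01, mailer=esmtp, relay=mx.example.org., dsn=2.0.0, stat=Sent
Aug  4 00:03:05 www sendmail[29120]: o7403D4a029120: to=<bob@www.example.net>, delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent
EOF
}

# Print "count ctladdr" per delivery line, busiest sender first.
# Delivery lines without a ctladdr field are counted as "(none)".
ctladdr_counts() {
    awk '/sendmail\[[0-9]+\]: [^ ]+: to=/ {
        c = "(none)"
        if (match($0, /ctladdr=[^ ,]+/))
            c = substr($0, RSTART + 8, RLENGTH - 8)
        gsub(/[<>]/, "", c)
        n[c]++
    }
    END { for (c in n) print n[c], c }' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Print the ctladdr of every line whose to= field contains recipient $1
# (substring match, so a partial address works too).
ctladdr_for_rcpt() {
    rcpt=$1; shift
    awk -v r="$rcpt" 'match($0, / to=[^ ]+/) &&
        index(substr($0, RSTART, RLENGTH), r) &&
        match($0, /ctladdr=[^ ,]+/) {
        c = substr($0, RSTART + 8, RLENGTH - 8)
        gsub(/[<>]/, "", c)
        print c
    }' "$@"
}

# Summarise the log files given as arguments, or the sample when none are given.
if [ "$#" -gt 0 ]; then ctladdr_counts "$@"; else sample_log | ctladdr_counts; fi
```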
 