[BlueOnyx:05188] Re: why emaillog does not contain sender account
Eiji Hamano (bluequartz)
bluequartz at hypersys.ne.jp
Fri Aug 6 05:00:04 -05 2010
Hi Chuck; Sorry for the delay.
Yes, fields labeled "ctladdr" are there.
And they are "the sender's address". I changed the account.
Then, the spam log has gone.
Thank you very much.
Eiji Hamano
From: Chuck Tetlow
To: BlueOnyx General Mailing List
Sent: Wednesday, August 04, 2010 2:09 PM
Subject: [BlueOnyx:05162] Re: why emaillog does not contain sender account
Eiji,
Look in the /var/log/maillog log file. Search for one of the TO addresses
that the SPAM is going to. Right after that send to address, there should
be a field labeled "ctladdr". This is the "control address" or the sender's
address.
If your SPAMMER is using a valid username/password to relay through your
server - that "ctladdr" is the username that is being used. It was probably
compromised. Change the password and see if it stops.
If not, the SPAMMER is using a webmail package - like OpenWebMail. Go to
/var/log and look in the log file for that webmail package
(/var/log/openwebmail.log for OpenWebMail). Again, do a search for one of
the usernames that the server is sending the SPAM to. In that same line,
right behind the sender's IP address, is the username of the sender.
Again - changing that user's password will probably fix it. If not, block
that IP from your server with IPTables and you're done with him.
Chuck
From: "Eiji Hamano (bluequartz)" <bluequartz at hypersys.ne.jp>
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it>
Sent: Wed, 4 Aug 2010 13:49:33 +0900
Subject: [BlueOnyx:05160] why emaillog does not contain sender account
> Dear
>
> Someone is sending spam from my onyx server, sometimes.
>
> endmail[29014]: o5TEpd5D025084: to=<hunayixyay3791@*****.com.br>,......
>
> But I don't know the account which sends spam.
> Why does maillog not contain the sender account?
>
> Eiji Hamano
>
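
The maillog search described in this thread, as an added example that is not part of the original messages: it groups sendmail delivery lines by their "ctladdr" field so an account that is sending to unusually many recipients stands out. The sample log lines are constructed, and the function name and the "(no ctladdr)" label are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail's maillog layout (not taken from the thread).
SAMPLE_LOG = """\
Aug  4 13:40:01 mail sendmail[29014]: o74Ae1aa029012: from=<tanaka@mail.example>, size=2048, class=0, nrcpts=3, proto=ESMTP, daemon=MTA, relay=[203.0.113.7]
Aug  4 13:40:03 mail sendmail[29016]: o74Ae1aa029012: to=<a1@shop.example>,<b2@shop.example>,<c3@news.example>, ctladdr=<tanaka@mail.example> (501/501), delay=00:00:02, mailer=esmtp, relay=mx.shop.example. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Aug  4 13:41:10 mail sendmail[29020]: o74Af2bb029018: to=<d4@news.example>, ctladdr=<tanaka@mail.example> (501/501), delay=00:00:01, mailer=esmtp, relay=mx.news.example. [192.0.2.20], dsn=2.0.0, stat=Sent (OK)
Aug  4 13:45:30 mail sendmail[29031]: o74Ag3cc029030: to=<friend@corp.example>, ctladdr=<suzuki@mail.example> (502/502), delay=00:00:01, mailer=esmtp, relay=mx.corp.example. [192.0.2.30], dsn=2.0.0, stat=Sent (OK)
Aug  4 13:50:00 mail sendmail[29040]: o74Ah4dd029039: to=<suzuki@mail.example>, delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent
"""

# Delivery lines look like "<prog>[pid]: <queue id>: to=<rcpt>,<rcpt>, field=..."
TO_FIELD = re.compile(r"\[\d+\]: (\w+): to=([^ ]+), ")
# ctladdr is logged as <user@host> or as a bare local user name.
CTLADDR = re.compile(r"ctladdr=<?([^>\s,]+)>?")
NO_CTLADDR = "(no ctladdr)"  # hypothetical label for lines that lack the field


def ctladdr_report(log_text):
    """Return (ctladdr, messages, distinct recipients) rows, busiest first."""
    stats = defaultdict(lambda: {"messages": set(), "recipients": set()})
    for line in log_text.splitlines():
        delivery = TO_FIELD.search(line)
        if not delivery:
            continue  # "from=" lines and other daemons' entries are skipped
        ctl = CTLADDR.search(line)
        key = ctl.group(1).lower() if ctl else NO_CTLADDR
        stats[key]["messages"].add(delivery.group(1))
        # One log line can carry several comma-separated recipients.
        for rcpt in delivery.group(2).split(","):
            stats[key]["recipients"].add(rcpt.strip("<>").lower())
    rows = [(k, len(v["messages"]), len(v["recipients"])) for k, v in stats.items()]
    return sorted(rows, key=lambda row: (-row[2], row[0]))


if __name__ == "__main__":
    for ctladdr, messages, recipients in ctladdr_report(SAMPLE_LOG):
        print(f"{recipients:5d} recipients  {messages:5d} messages  {ctladdr}")
```

To run it against the real log, pass the contents of /var/log/maillog to `ctladdr_report` instead of `SAMPLE_LOG`.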