[BlueOnyx:01520] Re: Slammed with Spammer
Ken Marcus - Precision Web Hosting, Inc.
kenmarcus at precisionweb.net
Sat Jun 27 23:58:55 PET 2009
----- Original Message -----
From: "Steve Davis" <steve at zio.com>
To: <blueonyx at blueonyx.it>
Sent: Saturday, June 27, 2009 10:04 AM
Subject: [BlueOnyx:01513] Slammed with Spammer
> Having an issue with an old enemy on a new BO box.
> take your pick.
> Some how, they must know one of the emails userid and password on the
> box and are sending 4000 - 5000 spams per hour into my mail queue.
> I have turned off PopBeforeSMTP, so probably not sending email out.
> How do I tell which account is being used to connect.
> Any other suggestion of course is always appreciated.
Look carefully at the one of the spam mail files in /var/spool/mqueue
You will either see the username or at least the IP.
If you know the IP, then just check the mail log for a login with that IP.
E.g if the IP was 123.456.789.10 then
cat /var/log/maillog | grep ogin | grep 123.456.789.10
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
More information about the Blueonyx