[BlueOnyx:01520] Re: Slammed with Spammer

Ken Marcus - Precision Web Hosting, Inc. kenmarcus at precisionweb.net
Sat Jun 27 23:58:55 PET 2009

----- Original Message ----- 
From: "Steve Davis" <steve at zio.com>
To: <blueonyx at blueonyx.it>
Sent: Saturday, June 27, 2009 10:04 AM
Subject: [BlueOnyx:01513] Slammed with Spammer

> Having an issue with an old enemy on a new BO box.
> net.tw,
> gov.tw
> org.tw
> net.tw
> com.tw
> take your pick.
> Some how, they must know one of the emails userid and password on the
> box and are sending 4000 - 5000 spams per hour into my mail queue.
> I have turned off PopBeforeSMTP, so probably not sending email out.
> Probably.
> How do I tell which account is being used to connect.
> Any other suggestion of course is always appreciated.
> Steve

Look carefully at the one of the spam mail files in /var/spool/mqueue
You will either see the username or at least the IP.

If you know the IP, then just  check the mail log for a login with that IP.
E.g if the IP was  123.456.789.10 then

cat /var/log/maillog | grep  ogin | grep   123.456.789.10

Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.

More information about the Blueonyx mailing list