possible/certain spam problem?
Hello,
Can anyone identify what is going on with my server .. I can see it's some kind of spam problem .. but no idea who is sending it .. what should I do, here are some logs .. : Quote:
These Exim logs give me a headache, but it looks like your server acts as either an open relay or as a smarthost for another compromised server in your network. Your server is trying to deliver mail to some bad addresses on behalf of other addresses that do not appear to be yours, and when that fails, it tries to deliver bounces to those bad addresses, causing a plethora of delivery attempts, bounces, etc.
One quick example: Code:
2009-01-18 15:39:33 [12484] 1LOYoH-0003F6-BQ ** kiw1@school.edu.ru F=<marisha@unitelco.com> R=fail_remote_domains: The mail server could not deliver mail to kiw1@school.edu.ru. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

Anyway: find out whether your mailserver or any other server in your network acts as an open relay or an injection point for spam.
Well, I tried to relay mail through your server, and that doesn't work, so your server itself is not an open relay. Does your server act as an outgoing mail server for other servers/desktops in your LAN/network, or is there a web application on your mailserver? I see a lot of connections from localhost, so there may be a web application being abused by external parties (think of webforms, formmail, php forms, guestbooks, etc.). Though usually spam through a webserver has something like www@localhost or wwwrun@your.server.com as the sender address.
P.S.: what you need to do now is to take a good hard look at your maillogs and try to find out where these marisha@ addresses enter your mailserver (correlating with the logged SMTP connections). If they're all coming from localhost, some process on your mailserver (like a webserver) is being abused; if they're all coming from addresses in your network, another server, desktop or workstation is the source of the problems.
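The correlation described in the post above, as an added example that is not part of the original thread: it reads Exim main-log arrival (`<=`) lines for a given envelope sender and counts where each message entered the server (loopback SMTP, a local process via `U=`, a LAN host, or an external host). The sample log lines, the `192.168.1.0/24` LAN range and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (with +pid); not the poster's logs.
SAMPLE_LOG = """\
2009-01-18 15:39:30 [12001] 1AAAAA-000001-AA <= marisha@unitelco.com H=localhost (mail.example.org) [127.0.0.1]:41522 P=esmtp S=2210
2009-01-18 15:39:33 [12001] 1AAAAA-000001-AA ** kiw1@school.edu.ru F=<marisha@unitelco.com> R=fail_remote_domains: could not deliver
2009-01-18 15:40:02 [12002] 1AAAAB-000002-BB <= marisha@unitelco.com U=apache P=local S=1987
2009-01-18 15:40:10 [12003] 1AAAAC-000003-CC <= marisha@unitelco.com H=(pc17) [192.168.1.17]:2040 P=smtp S=2301
2009-01-18 15:41:00 [12004] 1AAAAD-000004-DD <= alice@example.org H=mx.example.net [203.0.113.9]:52011 P=esmtps S=5120
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: replace with your own range

# "<=" marks message arrival; "**" (failure) and "=>" (delivery) lines are skipped.
ARRIVAL = re.compile(r"^\S+ \S+ (?:\[\d+\] )?\S+ <= (?P<sender>\S+)(?P<rest>.*)$")
HOST_IP = re.compile(r"\sH=.*?\[(?P<ip>[0-9A-Fa-f:.]+)\]")  # SMTP peer address
LOCAL_USER = re.compile(r"\sU=(?P<user>\S+)")               # local submitting user


def origin_of(rest):
    """Classify where a message entered Exim, from the fields after the sender."""
    host = HOST_IP.search(rest)
    if host:
        ip = ipaddress.ip_address(host.group("ip"))
        if ip.is_loopback:
            return "loopback-smtp"  # a process on this box speaking SMTP to itself
        return f"lan:{ip}" if ip in LAN else f"external:{ip}"
    user = LOCAL_USER.search(rest)
    # No H= field: handed to Exim locally (e.g. the sendmail binary) by this user.
    return f"local-user:{user.group('user')}" if user else "unknown"


def trace_sender(log_text, sender_substring):
    """Count entry points for arrival lines whose envelope sender matches."""
    origins = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m and sender_substring in m.group("sender"):
            origins[origin_of(m.group("rest"))] += 1
    return origins


if __name__ == "__main__":
    for origin, count in trace_sender(SAMPLE_LOG, "marisha@").most_common():
        print(f"{count:5d}  {origin}")
```

A result dominated by `loopback-smtp` or `local-user:` entries points at a process on the mail server itself; `lan:` entries point at another machine on the network.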