[wplug] figuring out where mail sent from your box came from
smk at fyi.net
Fri Nov 18 10:11:34 EST 2005
Do you have a web server running? It sounds like it could be a formmail or
like script that somebody is using as an open relay. In that case, I
would check with your web server's access logs. The postfix logs should
help you pin down a time.

Do you use this box as an SMTP server? Also, I would hope that it's not set
as an open relay. (Anybody can send through it.) I don't think it's
possible to shut down the MTA completely -- because you need it to process
mail for cron and such, but maybe you should set it to only deliver
locally?

> Seems like someone was spamming AOL from one of my boxes.
>
> How can I tell from the logs whether this was a user on my box sending
> mail from the box, or someone relaying mail from an outside server?
>
> I'm assuming if someone is sending it from an outside server, I can simply
> block port 25 and be done with it?
>
> I'm running postfix on Mandrake, BTW.
>
> --
> [=============================================================================]
> Russ Schneider (a.k.a. Sugapablo) -> http://www.sugapablo.net
> [=============================================================================]
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
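
One way to answer the question from the logs, as an added example that is not part of the original thread: Postfix logs `pickup ... uid=` for mail handed over by a local account and `smtpd ... client=host[ip]` for mail received over SMTP, so grouping lines by queue ID shows how each message entered the box. The log lines below are constructed, and short hexadecimal queue IDs are assumed.

```python
import re

# Constructed sample in Postfix syslog format (hosts, IDs and addresses are made up).
SAMPLE_LOG = """\
Nov 18 03:12:01 box postfix/pickup[2101]: 4A1B2C3D9E: uid=48 from=<apache>
Nov 18 03:12:02 box postfix/qmgr[900]: 4A1B2C3D9E: from=<apache@box.example>, size=812, nrcpt=1 (queue active)
Nov 18 03:12:03 box postfix/smtp[2105]: 4A1B2C3D9E: to=<a@aol.com>, relay=mx.example[192.0.2.10]:25, delay=1, status=sent (250 OK)
Nov 18 03:15:40 box postfix/smtpd[2110]: 5E6F7A8B0C: client=unknown[203.0.113.7]
Nov 18 03:15:41 box postfix/qmgr[900]: 5E6F7A8B0C: from=<x@spam.example>, size=2040, nrcpt=2 (queue active)
Nov 18 03:15:42 box postfix/smtp[2111]: 5E6F7A8B0C: to=<b@aol.com>, relay=mx.example[192.0.2.10]:25, delay=1, status=sent (250 OK)
Nov 18 03:15:42 box postfix/smtp[2111]: 5E6F7A8B0C: to=<c@aol.com>, relay=mx.example[192.0.2.10]:25, delay=1, status=sent (250 OK)
Nov 18 03:20:00 box postfix/smtpd[2120]: 6D7E8F9A1B: client=localhost[127.0.0.1]
Nov 18 03:20:01 box postfix/smtp[2121]: 6D7E8F9A1B: to=<d@aol.com>, relay=mx.example[192.0.2.10]:25, delay=1, status=sent (250 OK)
"""

# Assumption: short (hexadecimal) queue IDs, i.e. long queue IDs are not enabled.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
PICKUP = re.compile(r"uid=(\d+) from=<([^>]*)>")
CLIENT = re.compile(r"client=\S*\[([^\]]+)\]")
RCPT = re.compile(r"to=<([^>]*)>.*status=(\w+)")

def classify(log_text):
    """Map each queue ID to how the message entered Postfix and who it went to."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        msg = msgs.setdefault(qid, {"origin": "unknown", "source": None, "rcpts": []})
        if daemon == "pickup" and (p := PICKUP.search(rest)):
            # Submitted with the sendmail command by a local account (cron, CGI, shell user).
            msg["origin"], msg["source"] = "local-uid", p.group(1)
        elif daemon == "smtpd" and (c := CLIENT.search(rest)):
            ip = c.group(1)
            # Loopback means a local process spoke SMTP; anything else came over the network.
            msg["origin"] = "local-smtp" if ip in ("127.0.0.1", "::1") else "remote-smtp"
            msg["source"] = ip
        elif (r := RCPT.search(rest)):
            msg["rcpts"].append((r.group(1), r.group(2)))
    return msgs

if __name__ == "__main__":
    for qid, msg in classify(SAMPLE_LOG).items():
        print(qid, msg["origin"], msg["source"], [a for a, _ in msg["rcpts"]])
```

A `local-uid` entry whose uid belongs to the web server account points at a web script such as the formmail case suggested in the reply; a `remote-smtp` entry delivering to outside domains points at relaying, which blocking inbound port 25 would stop.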