Web Hosting Talk

Sendmail woes...


durandel
03-04-2002, 11:42 AM
Someone will periodically send out bulk amounts of email through our server (virtual hosting environment), but I can't figure out where it's coming from. The "From" section just gives a vague identity (urldaily). Here's an excerpt from the maillog:

Mar 4 10:11:33 host7 sendmail[7081]: g24FBXL07081: from=urldaily, size=292, class=0, nrcpts=1, msgid=<200203041511.g24FBXL07081@host7.server.com>, relay=urldaily@localhost
Mar 4 10:11:33 host7 sendmail[5555]: g24F8Wv05540: to=someone@hotmail.com, ctladdr=urldaily (823/821), delay=00:03:01, xdelay=00:03:01, mailer=esmtp, pri=30295, relay=mx14.hotmail.com. [65.54.232.7], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)
Mar 4 10:11:33 host7 sendmail[7084]: g24FBXG07084: from=urldaily, size=287, class=0, nrcpts=1, msgid=<200203041511.g24FBXG07084@host7.server.com>, relay=urldaily@localhost
Mar 4 10:11:33 host7 sendmail[7038]: g24FBSR07030: to=anyone@comnet.ca, ctladdr=urldaily (823/821), delay=00:00:05, xdelay=00:00:04, mailer=esmtp, pri=30288, relay=comnet.ca. [216.191.240.2], dsn=2.0.0, stat=Sent (g24FBWX24999 Message accepted for delivery)
Mar 4 10:11:34 host7 sendmail[7090]: g24FBYK07090: from=urldaily, size=303, class=0, nrcpts=1, msgid=<200203041511.g24FBYK07090@host7.server.com>, relay=urldaily@localhost
Mar 4 10:11:34 host7 sendmail[7089]: g24FBXL07081: to=anotheruser@hotmail.com, ctladdr=urldaily (823/821), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30292, relay=mx14.hotmail.com. [65.54.232.7], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)
Mar 4 10:11:34 host7 sendmail[7096]: g24FBYT07096: from=urldaily, size=294, class=0, nrcpts=1, msgid=<200203041511.g24FBYT07096@host7.server.com>, relay=urldaily@localhost

Anyone know how to track this down so that I can lock out the sender's domain? Thanks.

allan
03-04-2002, 01:24 PM
Have you gotten any complaints about the mails? It sounds like someone may be running a web-based mailing list from your server.

You might want to look to see what processes were running while the sendmail sessions were occurring. This might help you nail down the culprit.

durandel
03-05-2002, 09:18 AM
Appreciate the advice. We didn't get any complaints, but it took the server load up to about 5.6 for about 1-2 hours. I'll check all processes next time it happens and see if I can pin it down. I was just wondering if there's any kind of unique identifier in the maillog besides the "From" field that we could use to trace back to a domain.

Thanks.

Cephren
03-06-2002, 04:48 AM
If you do not have POP before SMTP...install it.

Looks like someone is using a form script to spam.

And go in through your pine and see if any bounce back messages are to the server.
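
Added example (not part of the original thread): in the posted log lines, the ctladdr field carries the submitting account's numeric uid/gid (823/821), and relay=urldaily@localhost on the from= lines marks mail submitted on the host itself rather than relayed over SMTP. This Python sketch groups sendmail records by ctladdr, using four lines copied from the first post as sample input; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Four log lines copied from the first post of the thread.
SAMPLE_LOG = """\
Mar 4 10:11:33 host7 sendmail[7081]: g24FBXL07081: from=urldaily, size=292, class=0, nrcpts=1, msgid=<200203041511.g24FBXL07081@host7.server.com>, relay=urldaily@localhost
Mar 4 10:11:33 host7 sendmail[5555]: g24F8Wv05540: to=someone@hotmail.com, ctladdr=urldaily (823/821), delay=00:03:01, xdelay=00:03:01, mailer=esmtp, pri=30295, relay=mx14.hotmail.com. [65.54.232.7], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)
Mar 4 10:11:33 host7 sendmail[7038]: g24FBSR07030: to=anyone@comnet.ca, ctladdr=urldaily (823/821), delay=00:00:05, xdelay=00:00:04, mailer=esmtp, pri=30288, relay=comnet.ca. [216.191.240.2], dsn=2.0.0, stat=Sent (g24FBWX24999 Message accepted for delivery)
Mar 4 10:11:34 host7 sendmail[7089]: g24FBXL07081: to=anotheruser@hotmail.com, ctladdr=urldaily (823/821), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30292, relay=mx14.hotmail.com. [65.54.232.7], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>.*)$")
CTL_RE = re.compile(r"ctladdr=(?P<user>\S+) \((?P<uid>\d+)/(?P<gid>\d+)\)")


def parse_fields(text):
    """Split 'key=value, key=value' pairs; commas inside a value are kept."""
    fields = {}
    for part in re.split(r", (?=\w+=)", text):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def summarize(log_text):
    """Group delivery records by the local account (ctladdr) that sent them."""
    senders = defaultdict(lambda: {"queue_ids": set(), "recipients": set()})
    local_qids = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = parse_fields(m["fields"])
        # from= record with relay=user@localhost: handed to sendmail on this host
        if "from" in fields and fields.get("relay", "").endswith("@localhost"):
            local_qids.add(m["qid"])
        ctl = CTL_RE.search(m["fields"])
        if ctl and "to" in fields:
            key = (ctl["user"], int(ctl["uid"]), int(ctl["gid"]))
            senders[key]["queue_ids"].add(m["qid"])
            senders[key]["recipients"].add(fields["to"])
    # Queue IDs whose from= record (if present in the log) shows local submission
    for entry in senders.values():
        entry["local_queue_ids"] = entry["queue_ids"] & local_qids
    return dict(senders)


if __name__ == "__main__":
    for (user, uid, gid), entry in summarize(SAMPLE_LOG).items():
        print(f"{user} uid={uid} gid={gid}: {len(entry['queue_ids'])} messages, "
              f"{len(entry['local_queue_ids'])} confirmed local submissions")
```

The uid reported per sender can then be matched against /etc/passwd on the mail host to see which hosting account, and therefore which site's scripts, the mail originates from.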