
MailMon Installation
josev 11-11-2005, 02:24 PM Does anyone know how to install mailmon? The instructions that came with it are VERY vague...I visited the company questions area and it was completely blank...they want to charge for installation but I really don't wish to give root access to my servers...
Thanks!
DataDork 11-11-2005, 03:44 PM I also bought MailMon and found it to be useless. I also found the documentation to be vague and ultimately had to go to my credit card company to get a refund and the site's owner refused.
josev 11-12-2005, 12:25 AM I was able to install it. Following the installation, 20 minutes later it caught the Spammer we suspected and DENIED the relay and blocked the messages!
The user tried to send over 300 messages in less than 1 and a half minutes. Now I have the evidence I needed!
This tool rocks!
peersignal 11-12-2005, 06:50 AM I was able to install it. Following the installation, 20 minutes later it caught the Spammer we suspected and DENIED the relay and blocked the messages!
The user tried to send over 300 messages in less than 1 and a half minutes. Now I have the evidence I needed!
This tool rocks!
I'm sure we're all delighted about that, but you failed to answer the OP's question. Perhaps you could give him some guidance seeing as how the tool worked for you?
josev 11-12-2005, 12:18 PM The installation instructions seemed vague because they were using terms and procedures that honestly "I've never needed or used before", like VI and chattr. Naturally, you feel lost... The instructions gave you "some" guidance but they assume you know all the commands referenced...
Some of the things I ran into:
Passwords- Careful what passwords you use, I've always used characters (%,#,@) for passwords, in this case they didn't work, I couldn't connect to the database.
Database - They also mention creating a database, but don't mention creating a user for the database.
The test file included must be chmod to 744, or you get errors.
I used WinSCP for this process.
Once installed properly the mailmon.log file started to grow with mail entries, here is an example, if you had a limit of 50 messages every 900 secs you would get something like this after the 50th message was sent and they would be blocked:
[Fri Nov 11 18:01:03 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 51] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:03 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 52] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 53] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 54] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 55] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 56] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
In this case the user tried sending 3000 messages, MailMon caught it. Messages are dumped in the MailMon.junk file, there you can read the actual messages and headers that were sent. After reading the message it was clear what the user was doing. The first 50 messages got out, but not the rest hehe...after reviewing the info I immediately canceled the account, e-mailed them of doing so and why, and then refunded the money. Have not heard any word from the user...
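For reviewing a growing mailmon.log, the entries quoted in the post above can be parsed and summarized per user. This is an added example, not part of the original post or of MailMon; the sample lines are constructed in the same format, and the user names, `parse_entry` and `summarize_blocked` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the format of the entries quoted above (user names invented).
SAMPLE_LOG = """\
[Fri Nov 11 18:01:03 2005] [User: userone] [Path Info: Path(/home/userone/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 51] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:03 2005] [User: userone] [Path Info: Path(/home/userone/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 52] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: userone] [Path Info: Path(/home/userone/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 53] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:07:30 2005] [User: usertwo] [Path Info: Path(/home/usertwo/public_html/forum) File() Cmd(/usr/sbin/sendmail)] [Count: 201] [Limits: 200 / 3600 seconds] Mail delivery BLOCKED
truncated or foreign line that must be skipped
"""

ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[User: (?P<user>[^\]]+)\] "
    r"\[Path Info: Path\((?P<path>[^)]*)\) File\((?P<file>[^)]*)\) "
    r"Cmd\((?P<cmd>[^)]*)\)\] \[Count: (?P<count>\d+)\] "
    r"\[Limits: (?P<limit>\d+) / (?P<window>\d+) seconds\] (?P<action>.+)$"
)

def parse_entry(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
    for key in ("count", "limit", "window"):
        rec[key] = int(rec[key])
    return rec

def summarize_blocked(text):
    """Per user: blocked attempts, highest counter seen, limit, time span, paths."""
    summary = {}
    for line in text.splitlines():
        rec = parse_entry(line)
        if rec is None or not rec["action"].endswith("BLOCKED"):
            continue
        s = summary.setdefault(rec["user"], {
            "blocked": 0, "peak_count": 0, "limit": rec["limit"],
            "window": rec["window"], "first": rec["ts"], "last": rec["ts"],
            "paths": set()})
        s["blocked"] += 1
        s["peak_count"] = max(s["peak_count"], rec["count"])
        s["first"], s["last"] = min(s["first"], rec["ts"]), max(s["last"], rec["ts"])
        s["paths"].add(rec["path"])
    return summary

if __name__ == "__main__":
    for user, s in sorted(summarize_blocked(SAMPLE_LOG).items()):
        print(user, s["blocked"], "blocked; counter reached", s["peak_count"],
              "against", s["limit"], "per", s["window"], "s; from", sorted(s["paths"]))
```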
@josev
Can you please send me procedure you performed for installing MailMon software step by step ? And can you please tell me how purchasing of this software goes. I wrote to the company some questions but they did not write me back anything so I am not sure I will get software after paying.
Many thanks
IMeanWebHosting 12-01-2005, 02:45 PM The installation instructions seemed vague because they were using terms and procedures that honestly "I've never needed or used before", like VI and chattr. Naturally, you feel lost... The instructions gave you "some" guidance but they assume you know all the commands referenced...
Some of the things I ran into:
Passwords- Careful what passwords you use, I've always used characters (%,#,@) for passwords, in this case they didn't work, I couldn't connect to the database.
Database - They also mention creating a database, but don't mention creating a user for the database.
The test file included must be chmod to 744, or you get errors.
I used WinSCP for this process.
Once installed properly the mailmon.log file started to grow with mail entries, here is an example, if you had a limit of 50 messages every 900 secs you would get something like this after the 50th message was sent and they would be blocked:
[Fri Nov 11 18:01:03 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 51] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:03 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 52] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 53] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 54] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 55] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
[Fri Nov 11 18:01:04 2005] [User: XXXXXXXXXX] [Path Info: Path(/home/XXXXXXXXXX/public_html) File() Cmd(/usr/sbin/sendmail)] [Count: 56] [Limits: 50 / 900 seconds] Mail delivery BLOCKED
In this case the user tried sending 3000 messages, MailMon caught it. Messages are dumped in the MailMon.junk file, there you can read the actual messages and headers that were sent. After reading the message it was clear what the user was doing. The first 50 messages got out, but not the rest hehe...after reviewing the info I immediately canceled the account, e-mailed them of doing so and why, and then refunded the money. Have not heard any word from the user...
You give spammers refunds?! :eek4:
BogdanFetita 05-16-2006, 06:15 AM Any idea where I can find mailmon's documentation? Also, do you have any other suggestions of tools used to identify spammers?
Thanks!
sanjuabraham 05-05-2007, 10:19 PM Hello,
Refer to http://www.mycutelife.net/sanju/newtickethelp/mailmon.html
or
****************************************************************
cd /usr/src/
wget http://www.mycutelife.net/sanju/newtickethelp/mailmon/mailmon_1-3.tar.gz
tar -xvzf mailmon_1-3.tar.gz
cd /usr/src/MailMon
cp -f /usr/sbin/sendmail /usr/sbin/mon.bkp
wget http://www.mycutelife.net/sanju/newtickethelp/mailmon/mailmon.new
sed -e "s/opteron\.dnsprotect\.com/$(hostname)/g" mailmon.new > mailmon.temp
cp -f mailmon.temp /usr/sbin/sendmail
cd /usr/sbin
chown root.mailtrap sendmail
chmod 755 sendmail
chattr +i sendmail
cd /var/log
touch mailmon.log
chmod 622 mailmon.log
touch mailmon.junk
chmod 622 mailmon.junk
mysql
mysql>create database mailmon2005;
mysql>grant all privileges on mailmon2005.* to mailmon2005@localhost identified by '123dsa';
mysql>use mailmon2005;
CREATE TABLE `limits` (
`id` int(11) NOT NULL auto_increment,
`user` varchar(20) NOT NULL default '',
`speedlimit` int(11) NOT NULL default '0',
`seconds` int(11) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=6 ;
INSERT INTO `limits` VALUES (6, 'cpanel', 200, 3600);
CREATE TABLE `mailmon` (
`user` varchar(20) NOT NULL default '',
`timestamp` int(10) unsigned NOT NULL default '0',
`script_name` varchar(255) NOT NULL default '',
KEY `user` (`user`,`timestamp`)
) ENGINE=MyISAM;
mysql> quit;
****************************************************************
Thanks
Sanju
www.mycutelife.net
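How the `limits` and `mailmon` tables created above could support a per-user limit such as the "50 / 900 seconds" seen in the log, as an added example that is not MailMon's own code or part of the original post. Assumptions: the counting rule is inferred from the log lines and is not documented on this page, an in-memory SQLite database stands in for MySQL, and `open_db`, `check_send`, `simulate` and the user name are hypothetical.

```python
import sqlite3

def open_db():
    # Assumption: SQLite in memory stands in for the MySQL database;
    # table and column names follow the CREATE TABLE statements in the post.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE limits (id INTEGER PRIMARY KEY, user TEXT NOT NULL,
                             speedlimit INTEGER NOT NULL, seconds INTEGER NOT NULL);
        CREATE TABLE mailmon (user TEXT NOT NULL, timestamp INTEGER NOT NULL,
                              script_name TEXT NOT NULL);
        CREATE INDEX mailmon_user ON mailmon (user, timestamp);
    """)
    return conn

def check_send(conn, user, script_name, now):
    """Record one send attempt; return (allowed, count, speedlimit, seconds)."""
    row = conn.execute(
        "SELECT speedlimit, seconds FROM limits WHERE user = ?", (user,)).fetchone()
    # Every attempt is recorded, blocked or not, so the counter keeps climbing
    # past the limit as in the quoted log (Count: 51, 52, 53, ...).
    conn.execute(
        "INSERT INTO mailmon (user, timestamp, script_name) VALUES (?, ?, ?)",
        (user, now, script_name))
    if row is None:
        # Assumption: a user without a row in `limits` is not restricted.
        return True, None, None, None
    speedlimit, seconds = row
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM mailmon WHERE user = ? AND timestamp > ?",
        (user, now - seconds)).fetchone()
    return count <= speedlimit, count, speedlimit, seconds

def simulate(attempts, speedlimit=50, seconds=900, start=1131732000):
    """Replay a burst of three sends per second for one constructed user."""
    conn = open_db()
    conn.execute("INSERT INTO limits (user, speedlimit, seconds) VALUES (?, ?, ?)",
                 ("exampleuser", speedlimit, seconds))
    return [check_send(conn, "exampleuser", "/home/exampleuser/public_html",
                       start + i // 3) for i in range(attempts)]

if __name__ == "__main__":
    for allowed, count, limit, window in simulate(56)[48:]:
        state = "delivered" if allowed else "BLOCKED"
        print(f"[Count: {count}] [Limits: {limit} / {window} seconds] {state}")
```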