Guys i need some help...I run linux servers...let me see how i can list the things we have...we run apache with sendmail protocol and a regular pop3...i have some problems with some people spamming and by the time i am able to track who they are they stop...or sometimes i can't even track them down and get listed on spam cop or blacklisted...and boy people get pissed...does anyone know any type of program i can use to be able to track these people down? besides from looking at the mail log??? or a better way i know that rackspace does have a way of tracking these people...thanks guys all my questions i have posted have been answered and i know yall will help....THANKS AGAIN.



Ja§oN :mad:

You need to know first how they relay through your server:

1. via open-relay sendmail
2. via some of your scripts, may be, formmail.pl

Tracking them down is one thing, but I suggest you should also close down any hole in your server, or they'll come back for more.

To trak them, if it's 1, you'll know from your maillog and the mail header. If it's 2, you'll know from your apache log file.

I'm hearing him say his server is secure, but it's people that sign up for his service that end up being the spammers. is there any monitoring software that will say "your user x has just sent out 10,000 messages in one day" or something similar? Sounds like something useful.

Sean

So I suppose his (mail) server is NOT an open-relay.
So the chance is that the spammers expose his
server through the like of formmail.pl that his
customers have installed.

"snort" could help him. www.snort.org.

Or simply, as root
# grep 'formmail.pl' < /usr/local/apache/logs/*.access_log | sort

and he'll see from the output roughly the people
who spam through 'formmail.pl'. YMMV.