I'm having a bit of confusion tracking down a spammer on the server. It seems that they are using SMTP for their spamming activities, but the weird thing is that I cant get a username or an ip because when they spam its showing it from localhost 127.0.0.1... I have some snippets from the WHM Manage Mail Queue:
A short time ago, a friend shared the following thought....
The definition of INSANITY is.....doing the same things over and over, and expecting different results......
When you think about it, it\'s absolutely true. If you are not happy with your situation for any reason....whether you desire more time....more money....more freedom in general....
You must change from the way you have always done things.
I\'m really not trying to sell you anything.....but I will share with you information that can help you accomplish all of your lifes goals.....and take control of your financial destiny....
Take the next 5 minutes and watch my short movie....Just click on the link, and you will start down the path so many others have followed to achieving their dreams....
2005-07-31 19:12:21 SMTP connection from localhost (ultrafastreply.com) [127.0.0
.1]:39879 I=[127.0.0.1]:25 closed by QUIT
2005-07-31 19:12:21 1DzMyj-0001nT-87 <= [email protected] H=localhost (the
replyzone.com) [127.0.0.1]:39881 I=[127.0.0.1]:25 P=esmtp S=1636 id=93875628444. [email protected] T="Remember that part-time gig?" from <monica@
thereplyzone.com> for [email protected]
2005-07-31 19:12:21 SMTP connection from [127.0.0.1]:39884 I=[127.0.0.1]:25 (TCP
/IP connection count = 2)
2005-07-31 19:12:21 SMTP connection from localhost (thereplyzone.com) [127.0.0.1
]:39881 I=[127.0.0.1]:25 closed by QUIT
I'm usually able to fix things like this but this is something else to me. I've tailed the logs as well as installed phpsuexec and a sendmail mod that helps with tracking, added the choon mod for php script mail tracking.
The above domains arent hosted on our servers either. Any and all help will be greatly appreciated.