[Wylug-help] Help needed with trying to identify spammer

John Craven jc at ukzone.com
Tue Nov 8 19:47:57 UTC 2011


At 19:41 08/11/2011 +0000, you wrote:


>On 8 November 2011 19:29, John Craven <jc at ukzone.com> wrote:
>At 19:24 08/11/2011 +0000, you wrote:
>John,
>
>
>
> >I have been notified that a spammer is sending mail through my server.
> >I need help in finding out how this is happening.
>
>
>My server is running CentOS 5
>hth...
>First do your logs show evidence that these spams are originating from
>your system or being relayed by your system?
>
>
>I don't know where to look ????
>It has been suggested that I check my auth log, but I don't seem to have one.
>
>Have you seen any blowback?  If you are being spoofed (or otherwise)
>
>
>No. I haven't had any returned mail.
>you are very likely to see many non-delivery reports.
>
>Do you have a sample of an offending e-mail with the full headers?
>
>
>Email in previous email. Obviously "crossed in post".
>
>What mailer (MTA) are you running?  exim, sendmail?
>
>
>I'm running SENDMAIL
>
>Andrew
>
>
>
>At first look that looks like it's coming from a script. Where is your 
>website located?

The server is located in Preston, Lancashire.

I do run lots of scripts on the server, for different web sites (clients).
Is there any way of identifying what kind of script, or better still, which 
script?



>s/
>--
>Twitter: @sfgreenwood
>"post-apocalyptic allen keys"

=================================================

   Check out our British Country Music Web Sites

         http://www.countrymusic.org.uk
         http://www.bcmi-radio.co.uk

   Over 300,000 visitors a week

=================================================