Thread: Spam Mail
25th March 2013, 13:22
markc

I find the 2 most common causes for outgoing spam are compromised passwords via phishing spams or brute-forced POP scans and insecure mail forms via a website. The 1st generally shows up as a lot of bounces returning to a user's Inbox, and then it's too late, but a forced password change prevents more injections, and the 2nd can be detected by noticing a lot of outgoing SMTP connections sourced from your own webserver IPs. To catch the 2nd one, sometimes I rename /usr/sbin/sendmail to sendmail.orig and put in a shell script that logs the entire message and then calls sendmail.orig, and that will reveal ongoing PHP/web sourced outgoing spam.

These points may be obvious to you, but it may help.
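The logging wrapper described in the post above, as an added example that is not part of the original post. The log directory, the `X-Wrapper-*` context lines and the `REAL_SENDMAIL`/`LOG_DIR` overrides are assumptions made for illustration; only the two sendmail paths come from the post.

```shell
#!/bin/sh
# Constructed example: installed as /usr/sbin/sendmail after the real binary
# has been renamed to /usr/sbin/sendmail.orig (both paths from the post).
# LOG_DIR is an assumed location; the web server user must be able to write it.
REAL_SENDMAIL="${REAL_SENDMAIL:-/usr/sbin/sendmail.orig}"
LOG_DIR="${LOG_DIR:-/var/log/sendmail-wrapper}"

# Read one message on stdin, save it with caller context, then hand it on.
log_and_forward() {
    umask 077                        # logged mail may contain private data
    msg=$(mktemp "$LOG_DIR/msg.XXXXXX" 2>/dev/null) || {
        # Logging must never break delivery: pass stdin through untouched.
        "$REAL_SENDMAIL" "$@"
        return $?
    }
    {
        echo "X-Wrapper-Time: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "X-Wrapper-Uid: $(id -u)"
        echo "X-Wrapper-Cwd: $PWD"   # usually the directory of the calling script
        echo "X-Wrapper-Parent: $(ps -o args= -p "$PPID" 2>/dev/null)"
        echo "X-Wrapper-Args: $*"
        echo
        cat                          # the entire message, verbatim
    } > "$msg"
    # Drop the context block (up to the first blank line), deliver the rest.
    sed '1,/^$/d' "$msg" | "$REAL_SENDMAIL" "$@"
}

# Run only when invoked under the name "sendmail", so the file can be sourced.
case "${0##*/}" in
    sendmail) log_and_forward "$@" ;;
esac
```

Each logged file then shows which user, working directory and parent process handed the message to sendmail, which is what points to the web form or script responsible.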