#1
25th March 2013, 12:15
Happy
Spam Mail

My mail server is on the Blacklist and I figured it was a client that might be causing the issue. However, the office was closed this past weekend and all PCs were turned off, so I am now thinking that maybe the mail server has been compromised. Is there a way to tell? I pulled a lot of the mail logs last week and saw nothing strange, but I'm not sure what I am looking for other than a bogus user.
#2
25th March 2013, 13:22
markc

I find the 2 most common causes for outgoing spam are compromised passwords via phishing spams or brute forced POP scans, and insecure mail forms via a website. The 1st generally shows up as a lot of bounces returning to a user's Inbox, and then it's too late, but a forced password change prevents more injections, and the 2nd can be detected by noticing a lot of outgoing SMTP connections sourced from your own webserver IPs. To catch the 2nd one, sometimes I rename /usr/sbin/sendmail to sendmail.orig and put in a shell script that logs the entire message and then calls sendmail.orig, and that will reveal ongoing PHP/web sourced outgoing spam.

These points may be obvious to you, but it may help.
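The wrapper approach described in the reply above, sketched as an added example (not markc's own script): it records who called sendmail and the full message, then hands the message to the renamed binary. `LOG_DIR`, `REAL_SENDMAIL`, `wrap_sendmail` and the log layout are assumptions.

```shell
#!/bin/sh
# Added example: install as /usr/sbin/sendmail after renaming the real
# binary to sendmail.orig. LOG_DIR is an assumed path; it must be writable
# by every account that sends mail (e.g. the web server user).
REAL_SENDMAIL="${REAL_SENDMAIL:-/usr/sbin/sendmail.orig}"
LOG_DIR="${LOG_DIR:-/var/log/sendmail-wrap}"

wrap_sendmail() {
    umask 077                                # message bodies are sensitive
    mkdir -p "$LOG_DIR" 2>/dev/null
    tmp=$(mktemp "$LOG_DIR/msg.XXXXXX" 2>/dev/null) || {
        # Logging unavailable: pass through so mail delivery is not blocked.
        "$REAL_SENDMAIL" "$@"; return $?
    }
    {
        echo "time:   $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "uid:    $(id -u) ($(id -un 2>/dev/null))"
        echo "cwd:    $PWD"                  # often the directory of the calling script
        echo "parent: $(ps -o args= -p "$PPID" 2>/dev/null)"
        # Only set by some PHP/CGI setups; empty otherwise.
        echo "script: ${SCRIPT_FILENAME:-} remote: ${REMOTE_ADDR:-}"
        echo "args:   $*"
        echo "---- message ----"
        cat                                  # the entire message from stdin
    } > "$tmp"
    # Replay everything after the marker line to the real binary; the
    # pipeline's exit status is that of the real sendmail.
    sed '1,/^---- message ----$/d' "$tmp" | "$REAL_SENDMAIL" "$@"
}

# Act as the wrapper only when invoked under the name "sendmail".
case "${0##*/}" in
    sendmail) wrap_sendmail "$@"; exit $? ;;
esac
```

A burst of log files sharing the same `uid`, `cwd` or `script` value points at the web form or account doing the sending; remove the wrapper and clear the logs once the source is found, since they contain full message bodies.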
All times are GMT +2.