Is someone spamming through me?

Martin Hepworth martinh at solid-state-logic.com
Wed Apr 26 14:24:10 IST 2006


Jody

Have a look at the headers for where the actual email initially came from -
if you've got MailWatch then it's easy, if not you'll have a trap a spool
file and look at that.

Of if you've got an actual example that got delivered.

As someone else said could be an exploitable php or application hole, I've
had this with awstats.pl before and php code.

But first of all you need to figure out which machine is really generating
these emails.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Jody Cleveland
> Sent: 26 April 2006 14:16
> To: MailScanner discussion
> Subject: RE: Is someone spamming through me?
> 
> Hello,
> 
> > You sure they are actually from your server and not someone
> > else's server
> > bouncing back invalid email addresses to the alleged sender
> > in a joe-job
> > style thing.
> 
> How do I check if that's the case? I looked at the maillog, and see a
> lot of these:
> 
> Apr 23 08:25:50 mystique postfix/qmgr[2324]: 964A8839FDA:
> to=<heberson at zipmail.com.br>, relay=none, delay=104247, status=deferred
> (delivery temporarily suspended: connect to
> smtp.zipmail.com.br[200.221.11.147]: server dropped connection without
> sending the initial SMTP greeting)
> 
> - jody
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************



More information about the MailScanner mailing list