2010/1/5 Sam Varshavchik <[email protected]>

> Graham Smith writes:
>
>> Hi, I've been running a Courier mail server for a few years now but in the
>> last few days I've become concerned that I might be sending out some spam.
>> I'm getting a number of bounces which are reported as being sent from
>> r...@localhost on my server (I've blanked out the addresses myself).
>> There are two examples below.
>>
>> Jan 5 13:46:46 lighthouse courierd: started,id=009A9559.4B3ACF8B.00001983,from=<r...@localhost>,module=esmtp,host=######.##,addr=<#...@######.##>
>> Jan 5 13:46:46 lighthouse courieresmtp: id=009A9559.4B3ACF8B.00001983,from=<r...@localhost>,addr=<#...@######.##>: 554 Sorry, message looks like SPAM to me
>> Jan 5 13:46:46 lighthouse courieresmtp: id=009A9559.4B3ACF8B.00001983,from=<r...@localhost>,addr=<#...@######.##>,status: failure
>>
>> Jan 5 14:19:26 lighthouse courierd: started,id=009AADE8.4B3ACFEC.000036FE,from=<r...@localhost>,module=esmtp,host=******.**,addr=<**...@******.**>
>> Jan 5 14:19:28 lighthouse courieresmtp: id=009AADE8.4B3ACFEC.000036FE,from=<r...@localhost>,addr=<**...@******.**>: No route to host
>> Jan 5 14:19:28 lighthouse courieresmtp: id=009AADE8.4B3ACFEC.000036FE,from=<r...@localhost>,addr=<**...@******.**>,status: deferred
>>
>> The vast majority are like the second one and just get deferred for ever
>> but a few are like the first one and appear to be getting through to a remote
>> server. I think I'm sending out the mail but I can't be sure. What do I need
>> to check?
>
> Well, find out what's in those messages. Look in the
> /var/spool/courier/msg[sq]

I don't have a /var/spool/courier directory. I have a /var/spool/mail directory which is currently empty. There is also a /var/spool/postfix which I presume was created when I first installed the machine. The server is running Debian stable and is fully up to date.

Although I haven't been able to find out what is in the messages through the message spool I'm sure they are spam. From looking at the bounce it would appear that the messages are Poste Italiane phishing spam. This morning I woke to find 500+ bounces in my in box which is more mail than this server should send in a week and it was all to Italy where we have no dealings.

What I can't tell is whether my server is sending this mail (I think it probably is) and if so how are the black hats getting in to send it.

_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
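
Added example, not part of the original thread: one way to answer "is my server sending this mail?" from the mail log itself is to group the `courierd: started` and `courieresmtp ... status:` lines quoted above by envelope sender. The sample log, the function names and the `max_attempts` threshold are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted in the thread; ids, hosts and
# addresses are placeholders, not values from the original post.
SAMPLE_LOG = """\
Jan 5 13:46:46 lighthouse courierd: started,id=0001.4B3A0001.00000001,from=<root@localhost>,module=esmtp,host=example.it,addr=<a@example.it>
Jan 5 13:46:46 lighthouse courieresmtp: id=0001.4B3A0001.00000001,from=<root@localhost>,addr=<a@example.it>: 554 Sorry, message looks like SPAM to me
Jan 5 13:46:46 lighthouse courieresmtp: id=0001.4B3A0001.00000001,from=<root@localhost>,addr=<a@example.it>,status: failure
Jan 5 14:19:26 lighthouse courierd: started,id=0002.4B3A0002.00000002,from=<root@localhost>,module=esmtp,host=example.net,addr=<b@example.net>
Jan 5 14:19:28 lighthouse courieresmtp: id=0002.4B3A0002.00000002,from=<root@localhost>,addr=<b@example.net>: No route to host
Jan 5 14:19:28 lighthouse courieresmtp: id=0002.4B3A0002.00000002,from=<root@localhost>,addr=<b@example.net>,status: deferred
Jan 5 14:20:01 lighthouse courierd: started,id=0003.4B3A0003.00000003,from=<user@example.org>,module=esmtp,host=example.com,addr=<c@example.com>
Jan 5 14:20:02 lighthouse courieresmtp: id=0003.4B3A0003.00000003,from=<user@example.org>,addr=<c@example.com>,status: deferred
"""

STARTED = re.compile(
    r"courierd: started,id=(?P<id>[^,]+),from=<(?P<sender>[^>]*)>,"
    r"module=(?P<module>[^,]+),host=(?P<host>[^,]+),addr=<(?P<rcpt>[^>]*)>")
STATUS = re.compile(
    r"courieresmtp: id=(?P<id>[^,]+),from=<(?P<sender>[^>]*)>,addr=<[^>]*>,status: (?P<status>\w+)")

def summarize(log_text):
    """Per envelope sender: started deliveries, message ids, destination hosts, final statuses."""
    stats = defaultdict(lambda: {"attempts": 0, "ids": set(), "hosts": set(), "status": Counter()})
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            s = stats[m["sender"]]
            s["attempts"] += 1
            s["ids"].add(m["id"])          # ids let you locate the queued messages later
            s["hosts"].add(m["host"].lower())
            continue
        m = STATUS.search(line)            # reason lines ("...: 554 Sorry") do not match
        if m:
            stats[m["sender"]]["status"][m["status"]] += 1
    return dict(stats)

def flag_senders(stats, max_attempts=100):
    """Senders with more started deliveries than max_attempts (assumed threshold; tune to your baseline)."""
    return sorted(s for s, v in stats.items() if v["attempts"] > max_attempts)

if __name__ == "__main__":
    for sender, s in summarize(SAMPLE_LOG).items():
        print(sender or "<>", s["attempts"], len(s["hosts"]), dict(s["status"]))
```

A sender with far more started deliveries or destination hosts than the site's normal volume is the one to trace back to its submission source, and the collected ids identify which queued messages to inspect.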
