A month or so ago there were discussions regarding trojans and backdoors and checking your logs for who is sending email.
There was one particular command that was given that seemed like it could work nicely:

One way to find who is sending the most e-mails is to use this command:

    cat /var/log/maillog | grep from | cut -d " " -f7 | uniq -c | sort -nr | less

I tried using that command on my system and it didn't give me the users that were sending out email but rather the actual files that are in the mqueue folder. So something like q57L4NQU004856. I assume that is not the way it's supposed to work :)

Is there something wrong with that command? Are there any useful commands that you guys use to check out on your systems? :)

Thanks.
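An added example, not part of the original post: syslog pads single-digit days with an extra space ("Jun  7"), so `cut -d " " -f7` lands on the queue ID on those days, and `uniq -c` only merges adjacent lines unless the input is sorted first. The sketch below finds the `from=` field wherever it falls and counts per sender; the function names and sample log lines are constructed for illustration, and sendmail-style `from=` entries are assumed.

```shell
#!/bin/sh
# Count senders by locating the from= token wherever it falls on the line.

# Constructed sample log lines (not real data); q57L4NQU004856 is the ID from the post.
sample_log() {
    cat <<'EOF'
Jun  7 21:04:23 host sendmail[4856]: q57L4NQU004856: from=apache, size=812, nrcpts=1, relay=apache@localhost
Jun  7 21:04:24 host sendmail[4860]: q57L4OQU004860: from=apache, size=815, nrcpts=1, relay=apache@localhost
Jun  7 21:05:01 host sendmail[4871]: q57L51QU004871: from=<alice@example.com>, size=2048, nrcpts=1, relay=mail.example.com [192.0.2.10]
Jun 10 08:00:00 host sendmail[5120]: q5A800QU005120: from=apache, size=800, nrcpts=1, relay=apache@localhost
Jun 10 08:00:02 host sendmail[5120]: q5A800QU005120: to=<bob@example.net>, delay=00:00:02, stat=Sent
Jun 10 08:01:00 host sendmail[5130]: q5A810QU005130: from=<>, size=900, nrcpts=1, relay=localhost [127.0.0.1]
EOF
}

# top_senders FILE: print "<count> <sender>", busiest first.
# FILE defaults to /var/log/maillog (the path used in the post); "-" reads stdin.
top_senders() {
    awk '
        {
            # awk splits on runs of blanks, so "Jun  7" and "Jun 10" lines
            # are handled alike; scan for the from= field instead of
            # trusting a fixed column.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^from=/) {
                    s = $i
                    sub(/^from=/, "", s)   # drop the key
                    sub(/,$/, "", s)       # drop the trailing comma
                    gsub(/[<>]/, "", s)    # drop angle brackets
                    if (s == "") s = "<>"  # null sender (bounces)
                    count[s]++
                    break
                }
            }
        }
        END { for (s in count) print count[s], s }
    ' "${1:-/var/log/maillog}" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_log | top_senders -
```

A bare name with no domain, such as the constructed `apache` entries, typically indicates mail submitted by a local account, which is the entry to look at first when checking for a script sending mail from the box.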