David Banning wrote:
> I have been blacklisted for spamming and I am attempting to ascertain the
> source. 
> I have a few networked Windows boxes which route through a FBSD
> server. I also have around ten off-site users who sendmail via port
> 26 - using smtp password authentication. How do I determine which
> email going through the server is spam, and therefore identify the
> source?

First, you should take a look at mail headers to see if you can
determine what the issue could be. For instance, my SMTP provider's DNS
wasn't resolving properly as of late, so my email was being marked
as spam by many users. This could be your case.

Using nmap / tcpdump / snort to find rogue SMTP hosts is the next step I
would pursue. Remember though, your hosts may not be causing the spam
and it could instead be spoofing of some kind. For that, you can't do
anything except talk to the mail providers that blacklisted your domain
and get things cleared up.

Ultimately, I suggest switching to entirely AUTH-based SMTP though to
prevent this issue from occurring. You can either block port 25 from
being routed or use net/smtptrapd (see <http://smtptrapd.inodes.org/>).

-Garrett
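
Added example, not part of the message above: one way to apply the tcpdump suggestion is to capture outbound SYNs to port 25 on the FreeBSD router's inside interface and count how many distinct remote mail hosts each LAN machine contacts directly. The addresses, the sample capture lines, the function names and the threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` text output, e.g. captured with:
#   tcpdump -n -i <inside-if> 'tcp dst port 25 and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
# 192.168.1.1 stands in for the mail server; all addresses are made up.
SAMPLE = """\
12:00:01.100000 IP 192.168.1.10.49152 > 192.168.1.1.25: Flags [S], seq 1, win 65535, length 0
12:00:02.200000 IP 192.168.1.23.50001 > 203.0.113.5.25: Flags [S], seq 2, win 65535, length 0
12:00:02.300000 IP 192.168.1.23.50002 > 203.0.113.77.25: Flags [S], seq 3, win 65535, length 0
12:00:02.400000 IP 192.168.1.23.50003 > 198.51.100.9.25: Flags [S], seq 4, win 65535, length 0
12:00:02.500000 IP 192.168.1.23.50004 > 198.51.100.40.25: Flags [S], seq 5, win 65535, length 0
12:00:02.600000 IP 192.168.1.23.50005 > 203.0.113.5.25: Flags [S], seq 6, win 65535, length 0
12:00:03.000000 IP 192.168.1.30.51000 > 198.51.100.9.25: Flags [S], seq 7, win 65535, length 0
12:00:03.100000 IP 198.51.100.9.25 > 192.168.1.30.51000: Flags [S.], seq 8, ack 8, win 65535, length 0
"""

# Matches only initial SYNs (Flags [S]) whose destination port is 25.
SYN_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.25: Flags \[S\]"
)

def smtp_fanout(lines, relay_ips=()):
    """Map each source IP to the set of mail hosts it contacted directly.

    Connections to the site's own relay (relay_ips) are expected and skipped.
    """
    fanout = defaultdict(set)
    for line in lines:
        m = SYN_RE.search(line)
        if m and m.group("dst") not in relay_ips:
            fanout[m.group("src")].add(m.group("dst"))
    return dict(fanout)

def suspects(fanout, max_destinations=3):
    """Hosts that opened SMTP connections to more distinct servers than allowed."""
    return sorted(s for s, dsts in fanout.items() if len(dsts) > max_destinations)

if __name__ == "__main__":
    result = smtp_fanout(SAMPLE.splitlines(), relay_ips={"192.168.1.1"})
    for src in suspects(result):
        print(src, "contacted", len(result[src]), "mail servers directly")
```

A workstation that only submits mail through the server never appears in the result, so any host that does appear is worth checking even when it stays under the threshold.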

freebsd-questions@freebsd.org mailing list