Troy usually this type of spammer will log on once and send 100s or 1000s of pieces of spam in the same session. We used the log analyze tool to help parse out which of our IPs was sending. Another way is to find the message ID of one of the pieces of spam and then track that back to a login ---it is tedious work. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton Sent: Friday, December 21, 2007 9:25 AM To: [email protected] Subject: RE: [IMail Forum] Italian Spam thru mail server I've checked through the logs and didn't see anything relating to an account on my server, but I'll check it again. Troy D. Hilton Serveon, Inc. 302-529-8640 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, December 21, 2007 11:17 AM To: [email protected] Subject: RE: [IMail Forum] Italian Spam thru mail server Check to see if an account has been hijacked. Happened to us recently when a client had an account with the password the same as the account name. We found someone was sending chinese spam through our server, very similar to what you are seeing. Looking through the logs we were finally able to isolate the account they were logging on with in order to send. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton Sent: Wednesday, December 19, 2007 9:53 AM To: [email protected] Subject: [IMail Forum] Italian Spam thru mail server Over the past few weeks I've been getting sporadic hits of Italian emails going thru my mail server. None of it appears to be addressed to any of my clients but its from some Italian address to a bunch of addresses, mostly Italian. I've run tests against my server and I'm not an open relay. I've been able to redirect the spam by IMail rules but this is tedious and I'm worried I'll get listed. In checking the logs I found the following line of text: Infobot message to <> not sent, precedence bulk Does this mean I've been hacked? Has anyone seen this before? Please advise. Troy D. Hilton Serveon, Inc. 302-529-8640 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
