Hi, On Fri, 10.04.2009 at 09:42:21 +0800, Uwe Dippel <[email protected]> wrote: > I'm running postfix as MTA on a machine with several CMS, on a chrooted > Apache. Recently, there is a huge number of spam being sent from there, > alas. When I scan the postfix-logs, all those come from 'root', meaning > they don't come through port 25. I run OpenBSD with mini-sendmail, and > now I wonder how I could find out from which CMS they are sent. Is there > any chance to find out from which CMS they are sent?
I don't know whether you have a chance to do so in the wake of your recent spam wave, but you can prepare to recognize - and more easily block - the offenders the next time by enforcing authenticated SMTP submission for those applications, each with their own username/password pair. You probably need to modify or reconfigure those CMS installations, though. Kind regards, --Toni++
