Natalio Gatti wrote:
Hello List!
I´m having a big spam problem.
Today, I can´t send any mail. First thing to do, check logs, and..
surprise! in my /var/log/qmail/send my outgoing conections were
saturated (60/60).
"service qmail queue" throw 50.000 mails in my remote queue.
I start playing with qmHandle to delete those mails. And they were all
of the same type, here is the header:
------------------------------
Received: (qmail 18687 invoked by uid 48); 3 Jul 2006 10:28:32 -0000
Date: 3 Jul 2006 10:28:32 -0000
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Receipt of Your Payment to LWPELECTRONICS
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
----------------------------------
Is there any way to track those messages? I want to know if they were
sent by a local (infected) user, or if they came from the outside.
If you look at the full header, you'll see what IP address sent the
messages.
If you have not already, look at my spam notes on my site
(v2gnu.com/qmail). It suggests some additional RBLs to use which may/may
not help out a little.
If you're unsure where the emails were coming from, post the full header
info (you can send directly to me if you don't want all your info on the
list) and I'll take a look. Also, check your
/var/qmail/control/rcpthosts file and make sure you're not just
arbitrarily accept emails for yahoo.com.
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
