Re: [xmail] message logging
I think that the best way to avoid this kind of problem is making an OUTPUT filter that insert email headers (from, to, date/time) into a sql table to EACH message your XMail sends. So you can schedule another script in your OS (every 5 minutes, for example) that sum these table rows and take some action based on some rules (same FROM sending more than 5000 messages a day = BLOCK, same domain sending more than 2 messages a day = BLOCK, etc, etc). Without this, you will became crazy trying to analyze tons os logs... Regards Edinilson -- ATINET Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br - Original Message - From: "Spyros Tsiolis" To: "XMail Users Mailing List" Sent: Tuesday, May 21, 2013 3:35 PM Subject: Re: [xmail] message logging From: Stefano Pascucci To: XMail Users Mailing List Sent: Tuesday, 21 May 2013, 19:05 Subject: Re: [xmail] message logging Hi Spyros I experienced a similar situation some months ago: one of my server email owner was sending tons of spam After figthing with many log files, I have discovered that the hacker had been able to hack the mailbox pwd, and he was sending the email using smtp autetication method. You can find the evidence of that inside the smtp log, looking for all the authenticated users that are sending email, and find the ones that are spam Hi Stefano, That's just it. I don't know of a way to check the log files for outgoing mail. That's what I am asking. Thank you though, s. "I merely function as a channel that filters music through the chaos of noise" - Vangelis ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] message logging
> > From: Stefano Pascucci > To: XMail Users Mailing List > Sent: Tuesday, 21 May 2013, 19:05 > Subject: Re: [xmail] message logging > > > > Hi Spyros > I experienced a similar situation some months ago: one of my > server email owner was sending tons of spam > After figthing with many log files, I have discovered that the > hacker had been able to hack the mailbox pwd, and he was sending > the email using smtp autetication method. > You can find the evidence of that inside the smtp log, looking for > all the authenticated users that are sending email, and find the > ones that are spam Hi Stefano, That's just it. I don't know of a way to check the log files for outgoing mail. That's what I am asking. Thank you though, s. "I merely function as a channel that filters music through the chaos of noise" - Vangelis ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] message logging
Hi Spyros I experienced a similar situation some months ago: one of my server email owner was sending tons of spam After figthing with many log files, I have discovered that the hacker had been able to hack the mailbox pwd, and he was sending the email using smtp autetication method. You can find the evidence of that inside the smtp log, looking for all the authenticated users that are sending email, and find the ones that are spam Il 21/05/2013 16:26, Spyros Tsiolis ha scritto: Hello all, I have a situation with an installation where someone has managed to get hold of an e-mail address (the boss' actually) and is sending spam to the outside world. To an extend, I've managed to isolate the problem and it seems it's the mail server itself. I still don't know if it's XMail or an anti-spam solution I've adopted since about 2004. I would like to monitor the mail that goes out to the world. Can I do this with XMail ? Do I check the logs ? Which logs ? I've never done this before, so I would be greatful to any help. thank you, spyros ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] message logging
Hello, It is also possible that someone is sending spam messages directly, not via your mailserver. If you have a spam message, you can usually find out if this is the case by viewing the e-mail headers (often visible in the "raw email source"). Is your mail server listed in the headers (in a Received: line)? You could try to look into the XMail SMTP logs. Their location depends on the OS. If the spam mails are listed in these logs, something else is sending the emails to your XMail server and your XMail server is forwarding these spam messages. In this case you can find the IP address and possibly username of the sender. Possibly some account information for your mailserver has leaked, or the server may be configured as an open relay. You can also use a tool like wireshark or tcpdump to monitor communications on tcp port 25, which would also tell you if your server is sending spam mails (if it is sending at that moment). I hope this helps. Ivo Op 21-5-2013 16:26, Spyros Tsiolis schreef: Hello all, I have a situation with an installation where someone has managed to get hold of an e-mail address (the boss' actually) and is sending spam to the outside world. To an extend, I've managed to isolate the problem and it seems it's the mail server itself. I still don't know if it's XMail or an anti-spam solution I've adopted since about 2004. I would like to monitor the mail that goes out to the world. Can I do this with XMail ? Do I check the logs ? Which logs ? I've never done this before, so I would be greatful to any help. thank you, spyros "I merely function as a channel that filters music through the chaos of noise" - Vangelis ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail