Look at the attached spams and see what their origins are.. If THOSE originate at localhost THEN worry. Otherwise, SA's just behaving as configured.
At 02:18 PM 5/11/2004, Bryce Fischer wrote:
I'm running the following: RH 9 SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) running using procmail/postfix
I also have amavisd running too.
I am concerned that someone might be using my mail server to send spam. I have received a couple of emails with the headers quoted below. My mail server SHOULD be using AUTH only, no anonymous and no POP before SMTP. What concerns me is that there is only one Received line in each of the messages below, and that it received it from localhost. Everything is intact below, except I've inserted <my domain here> substituting my actual domain name.
Also, the 2nd email header looks like it might be from a form mailer. I'm hosting many domains, and I'm looking for suspect scripts. I'm using Red Hat Linux, and Postfix as my MTA. Thanks for anyone that can give me advice, pointers, etc...
[BEGIN HEADERS]
Received: from localhost [127.0.0.1] by <my domain name here> with SpamAssassin (2.61 1.212.2.1-2003-12-09-exp); Sun, 09 May 2004 07:22:54 -0400
