Want to know if someone is using my server for sending spam

fmortara


Hi!
Which log file should I look at to identify whether any of my users is sending spam email from my server?

Some internet providers reject all email from my server with the error:
550 too many invalid recipients.
They say this indicates that in one hour they received, from my IP, many emails with invalid addresses, and now, for a little while, they have blacklisted my IP and bounce email, but not with a 4xx error!!

I want to know if it is true that someone is sending spam mail from my server, and whether the spam is being sent with an SMTP client, a PHP script, or webmail... What can I do about it?

PS. My server isn't an open relay.
 
Code:
exim -bp

If you want to see message headers:
Code:
exim -Mvh ID

Body:
Code:
exim -Mvb ID

You can also use "Mail Queue Administration" in DA.
 
Hi!
Thanks for your help, but this isn't what I'm looking for. :(

I've completely analyzed /var/log/exim/mainlog and no information indicates that email is being sent from my server to invalid recipients at libero.it and yahoo.com.

Of course, there are some emails rejected for invalid recipients, but fewer than 4/5 times a week.

Now email is being sent regularly, but Yahoo applies a greylist with error 421 one time before accepting a message; yesterday, the greylisting lasted for 4 hours.

I hope this unpleasant inconvenience is finished... but I don't have my answer...
 
If your server isn't sending the mail, then it's possible (especially in the case of Yahoo) that one or more of your customers is forwarding email (including spam) to their yahoo account and once it's there reporting it to Yahoo as spam. Yahoo trusts the headers and sees that the spam is coming from your server.

Jeff
 
How can I see if one of my users is forwarding (I think not) his email to another provider?
And how can I stop it?

EDIT: Yahoo says that my server's email was blocked because of a customer complaint, so if a user forwards his email, I think that he wouldn't report his own forward to Yahoo!

O_o ...I hope...
 
The only way to tell is to look through the aliases files for each user; they're at /etc/virtual/*/aliases.

Sure your clients can forward email to Yahoo, and then complain that it's spam once it gets there. They do it all the time.

Jeff
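
The manual check of /etc/virtual/*/aliases described above can be scripted. This is an added example, not part of the original thread: a shell function (the name `list_external_forwards` is hypothetical) that lists every alias, catch-alls included, whose target is an address at a domain not hosted on the server. It assumes each hosted domain has its own directory under /etc/virtual and that alias lines have the form `local: target[,target...]`, as in the samples posted in this thread.

```shell
# list_external_forwards [BASE]
# Prints "domain<TAB>alias<TAB>target" for each alias that forwards mail
# to an address outside the domains hosted under BASE (default /etc/virtual).
# Assumption: every hosted domain has a directory BASE/<domain>/.
list_external_forwards() {
    base=${1:-/etc/virtual}
    hosted=""
    # Build the list of hosted domains from the directory names.
    for d in "$base"/*/; do
        if [ -d "$d" ]; then hosted="$hosted $(basename "$d")"; fi
    done
    for f in "$base"/*/aliases; do
        [ -f "$f" ] || continue
        domain=$(basename "$(dirname "$f")")
        awk -v dom="$domain" -v hosted="$hosted" '
            BEGIN {
                n = split(tolower(hosted), h, " ")
                for (j = 1; j <= n; j++) is_hosted[h[j]] = 1
            }
            /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
            {
                c = index($0, ":")             # split "alias: targets" at first colon
                if (c == 0) next
                lhs = substr($0, 1, c - 1)
                gsub(/[ \t]/, "", lhs)
                m = split(substr($0, c + 1), t, ",")
                for (k = 1; k <= m; k++) {
                    tgt = t[k]
                    gsub(/^[ \t]+|[ \t]+$/, "", tgt)
                    at = index(tgt, "@")
                    if (at == 0) continue      # local user or keyword such as fail
                    first = substr(tgt, 1, 1)  # skip pipes, files, :special: targets
                    if (first == "|" || first == ":" || first == "/") continue
                    if (!(tolower(substr(tgt, at + 1)) in is_hosted))
                        printf "%s\t%s\t%s\n", dom, lhs, tgt
                }
            }
        ' "$f"
    done
}
# Usage on the server: list_external_forwards /etc/virtual
```

An alias of `*` in the output is a catch-all being forwarded off the server, which is the case most likely to relay spam to an outside provider.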
 
No information in aliases file.

All files are similar to:
user:user
*: fail

One has a catch-all email:
user:user
*: [email protected]


???:confused:
 
Catchall emails are generally the worst cause of spam being delivered to your server.

But unless that user is forwarding the mail to Yahoo, it's not the cause of Yahoo's complaint.

If Yahoo won't tell you the source of the spam from your server, and you can't find it in your logs, then there's not much you can do.

Jeff
 