[afnog] HOW can I stop outgoing spam
saleh ali
saleh.shihab at live.com
Tue Sep 27 09:37:44 UTC 2011
Ok .
When I watch log file I found a abnormal behavior .
the behavior is my mail server domain is sustech.edu and I Found some email send to outside and the sender is out of my domain (edwarpor20 at yahoo.com.hk) AND i very sure that my mail server is not an open relay , see the following Lines:
This Lines from my server log file
Mail 132a1e9e79c_WE7L_149d-1 sent successfully to vcgw1.ocn.ad.jp [125.170.92.208] for [air_ship at highway.or.jp] apparently from edwardsoper20 at yahoo.com.hk (size= 1314 bytes)
while the SMTP OUT it should be just from emails that inside my domain.
> Date: Tue, 27 Sep 2011 11:06:17 +0200
> From: bortzmeyer at nic.fr
> To: saleh.shihab at live.com
> CC: afnog at afnog.org
> Subject: Re: HOW can I stop outgoing spam
>
> On Tue, Sep 27, 2011 at 11:51:44AM +0300,
> saleh ali <saleh.shihab at live.com> wrote
> a message of 52 lines which said:
>
> > I have an Email server in my organization and this server send an
> > outbound spam and this action make my email server act as spammer
> > and alto of Outside email server like hotmail.com,...,etc add my
> > server to black list.
>
> You first need to check the logs of the email server (general sysadmin
> rule: first, read the logs). You will find out whether the email
> server sends spam itself (because it has been compromised) or whether
> it is just used as a relay, by outside machines (if you leaved the
> server open) or by inside machines (and you will get their IP
> addresses in the log, so you can chase after them and kill them).
>
> Warning: this is complicated work and should be done by a senior
> sysadmin, not by a beginner.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20110927/aa2365ab/attachment.html>
More information about the afnog
mailing list