How to identify a possible Spam situation
Posted on 2006-05-29
I have experienced a problem with my server, and I don't know which tools and/or procedures I should use to really inspect and find out what is going on.
The server is a P-4 with 2 MB RAM and a SCSI disk, running CentOS Linux, Sendmail, SpamAssassin, and MailScanner (the latter only during the night shift). So it is a good environment. The server is dedicated only to e-mail (POP and SMTP); it has no production domains or sites.
I have frequently noticed that its CPU average time is quite high, sometimes above 30.x, 40.x, 50.x. We have even had times over 100.x. Normally when this happens, I close SpamAssassin, and if necessary I also close Sendmail. When the times come down below 10.x, I start them again.
I suspect that my server is being used by spammers to send mass e-mails. It is not an open relay, but maybe some of my customers, or someone who somehow got a valid user/password, are doing this.
Well, all I would like to know is how to identify this (if possible, of course), how to be sure and see clearly that someone is spamming on my server, and how to avoid this. Is there any sequence of commands or scripts that could show me this?
Thanks for any help.
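
Added example, not part of the original post: one way to check the poster's suspicion is to total recipients per authenticated SMTP user (or per relay IP when no login was used) from the Sendmail log. The log lines below are constructed samples in the usual Sendmail syslog shape; the function names, the threshold, and the pairing of AUTH lines to messages by process id plus relay IP are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample lines (not from the poster's server), shaped like /var/log/maillog.
SAMPLE_LOG = """\
May 29 03:10:01 mail sendmail[4101]: AUTH=server, relay=host1.example.net [192.0.2.10], authid=alice, mech=LOGIN, bits=0
May 29 03:10:02 mail sendmail[4101]: k4T3A1aa004101: from=<alice@example.com>, size=2048, class=0, nrcpts=2, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=host1.example.net [192.0.2.10]
May 29 03:11:40 mail sendmail[4177]: AUTH=server, relay=dsl7.example.org [198.51.100.7], authid=bob, mech=LOGIN, bits=0
May 29 03:11:41 mail sendmail[4177]: k4T3BfGh004177: from=<promo@example.org>, size=9100, class=0, nrcpts=80, msgid=<2@example.org>, proto=ESMTP, daemon=MTA, relay=dsl7.example.org [198.51.100.7]
May 29 03:11:44 mail sendmail[4177]: k4T3BiGh004177: from=<promo@example.org>, size=9100, class=0, nrcpts=75, msgid=<3@example.org>, proto=ESMTP, daemon=MTA, relay=dsl7.example.org [198.51.100.7]
May 29 03:12:05 mail sendmail[4200]: k4T3C5Jk004200: from=<x@example.net>, size=1500, class=0, nrcpts=1, msgid=<4@example.net>, proto=ESMTP, daemon=MTA, relay=mx.example.net [203.0.113.5]
"""

# IPv4 relays only; IPv6 and local (relay=user@localhost) submissions are not matched.
AUTH_RE = re.compile(
    r"sendmail\[(\d+)\]: AUTH=server, relay=.*?\[([\d.]+)\].*?authid=([^,\s]+)")
FROM_RE = re.compile(
    r"sendmail\[(\d+)\]: \w+: from=<[^>]*>.*?nrcpts=(\d+).*?relay=.*?\[([\d.]+)\]")

def summarize(lines):
    """Return (recipients, messages) Counters keyed by authid or relay IP."""
    auth = {}                      # (pid, relay ip) -> authid of that SMTP session
    rcpts, msgs = Counter(), Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            pid, ip, authid = m.groups()
            auth[(pid, ip)] = authid
            continue
        m = FROM_RE.search(line)
        if m:
            pid, nrcpts, ip = m.groups()
            who = auth.get((pid, ip))  # heuristic: same child process and same client IP
            key = f"authid={who}" if who else f"relay={ip}"
            rcpts[key] += int(nrcpts)
            msgs[key] += 1
    return rcpts, msgs

def suspects(lines, max_rcpts=100):
    """Senders whose total recipient count exceeds max_rcpts, largest first."""
    rcpts, msgs = summarize(lines)
    return [(k, msgs[k], n) for k, n in rcpts.most_common() if n > max_rcpts]

if __name__ == "__main__":
    for who, count, total in suspects(SAMPLE_LOG.splitlines()):
        print(f"{who}: {count} messages, {total} recipients")
```

On a live server, pass the lines of the real mail log instead of the sample and choose the threshold from what a normal customer sends in the same period.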