Link to home
Start Free TrialLog in
Avatar of silveuk
silveuk

asked on

Spam Prevention, Linux Server with plesk how to locate the exploited domain

I own a hosting server, running plesk on Linux environment, which has about 57 UK domains hosted on it, and lately the servers mail failure box had been over filled with bad email addresses containing spam.
I think the servers being used for spam, I have checked all the contact forms but every domain contact form contains a Session, PHP generated captcha image.
Anyway my question is

Plesk displays this information

 failure notice mungo@searchhound.com July 17, 2008 10:13 AM7 day(s) 00:23:3411,39 KB

And when you click on the link it displays

Received: (qmail 6822 invoked for bounce); 17 Jul 2008 10:13:09 +0100
Date: 17 Jul 2008 10:13:09 +0100
From: MAILER-DAEMON@p75197581.pureserver.info
To: mungo@searchhound.com
Subject: failure notice

This information is useless to me

Is their a way to Add a From IP address and exploited domain

That way I know which client has the vulnerability and I can the look for ways to prevent spam

So im pretty much asking how can I find out which domain these emails are coming from
Avatar of http:// thevpn.guru
http:// thevpn.guru
Flag of Denmark image

This does not mean that you are sending spam. It can simply mean that your are getting SPAM in the form of NDR.
Avatar of silveuk
silveuk

ASKER

Sorry i babble on alot, What im looking for is a way to detect if my linux server is a SPAM sender, or if any of the hosted domains are using the php mail() to send spam via form injections.
is their any script i can install which will give me logs of spam leaving my server.

i dont want my server to be a evil sender of spam
ASKER CERTIFIED SOLUTION
Avatar of Jan Bacher
Jan Bacher
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of silveuk

ASKER

I wanted some script to attack to the mail sending failure protocol, which would add ip addess of sender along with the domain it came from.

i figured out a solution by my self, i decided to always add another sender to my contact forms, and attached the information to my clients