Solved

Help with exim_mainlog

Posted on 2010-09-13
6
841 Views
Last Modified: 2013-11-30
Someone is sending a ton of spam out from my server but I can't figure out who the sender is. I attached a few lines from my log. The sender appears to be 1Ounp6-0008So-0z, is that some sort of ID created by exim?

Thank you

2010-09-13 09:15:01 1Ounp6-0008So-0z => piggotwe@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-                                              v01.prod.mesa1.secureserver.net [64.202.189.86]*

2010-09-13 09:15:01 1Ounp6-0008So-0z -> labastwa@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-                                              v01.prod.mesa1.secureserver.net [64.202.189.86]*

2010-09-13 09:15:01 1Ounp6-0008So-0z -> anguilla.chamber@gcc.net R=send_to_smart_host T=remote_smtp H=k2smtpout                                              -v01.prod.mesa1.secureserver.net [64.202.189.86]*

Open in new window

0
Comment
Question by:itsofmi
  • 3
  • 2
6 Comments
 
LVL 45

Expert Comment

by:Kdo
Comment Utility
Hi itsofmi,

You probably have SMTP relay enabled.  Some spammer is just routing his mail through you to mask his true identity.


Kent
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
1Ounp6-0008So-0z is the message id...
0
 
LVL 3

Author Comment

by:itsofmi
Comment Utility
is there any way to see the sender in the mainlog?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 26

Expert Comment

by:jar3817
Comment Utility
Not sure (I'm a Sendmail guy), but this command should show you queued messages with the sender and recipient addresses:

# exim -bp

So if you still have spam queued up, you can see the sender address
0
 
LVL 45

Accepted Solution

by:
Kdo earned 250 total points
Comment Utility
You should be able to look at the network packets and examine in incoming IP addresses.  If you're acting as an SMTP relay there should be a lot of connections from a single address.
0
 
LVL 26

Assisted Solution

by:jar3817
jar3817 earned 250 total points
Comment Utility
Try:

# netstat -an |grep :25

That'll show you active connections on port 25.
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now