Help with exim_mainlog

Posted on 2010-09-13
Last Modified: 2013-11-30
Someone is sending a ton of spam out from my server but I can't figure out who the sender is. I attached a few lines from my log. The sender appears to be 1Ounp6-0008So-0z, is that some sort of ID created by exim?

Thank you

2010-09-13 09:15:01 1Ounp6-0008So-0z => R=send_to_smart_host T=remote_smtp H=k2smtpout-                                     []*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> R=send_to_smart_host T=remote_smtp H=k2smtpout-                                     []*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> R=send_to_smart_host T=remote_smtp H=k2smtpout                                     []*

Open in new window

Question by:itsofmi
  • 3
  • 2
LVL 45

Expert Comment

by:Kent Olsen
ID: 33662366
Hi itsofmi,

You probably have SMTP relay enabled.  Some spammer is just routing his mail through you to mask his true identity.

LVL 26

Expert Comment

ID: 33663172
1Ounp6-0008So-0z is the message id...

Author Comment

ID: 33663267
is there any way to see the sender in the mainlog?
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

LVL 26

Expert Comment

ID: 33663708
Not sure (I'm a Sendmail guy), but this command should show you queued messages with the sender and recipient addresses:

# exim -bp

So if you still have spam queued up, you can see the sender address
LVL 45

Accepted Solution

Kent Olsen earned 250 total points
ID: 33664406
You should be able to look at the network packets and examine in incoming IP addresses.  If you're acting as an SMTP relay there should be a lot of connections from a single address.
LVL 26

Assisted Solution

jar3817 earned 250 total points
ID: 33664427

# netstat -an |grep :25

That'll show you active connections on port 25.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Are external E-mails being sent to distribution groups? 6 45
SMB share across internet 15 64
How to mount nfs share on this CentOS server? 6 42
Linux FTP Error 5 32
Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question