• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 856
  • Last Modified:

Help with exim_mainlog

Someone is sending a ton of spam out from my server but I can't figure out who the sender is. I attached a few lines from my log. The sender appears to be 1Ounp6-0008So-0z, is that some sort of ID created by exim?

Thank you

2010-09-13 09:15:01 1Ounp6-0008So-0z => piggotwe@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-                                              v01.prod.mesa1.secureserver.net [64.202.189.86]*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> labastwa@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-                                              v01.prod.mesa1.secureserver.net [64.202.189.86]*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> anguilla.chamber@gcc.net R=send_to_smart_host T=remote_smtp H=k2smtpout                                              -v01.prod.mesa1.secureserver.net [64.202.189.86]*

Open in new window

0
itsofmi
Asked:
itsofmi
  • 3
  • 2
2 Solutions
 
Kent OlsenData Warehouse Architect / DBACommented:
Hi itsofmi,

You probably have SMTP relay enabled.  Some spammer is just routing his mail through you to mask his true identity.


Kent
0
 
jar3817Commented:
1Ounp6-0008So-0z is the message id...
0
 
itsofmiAuthor Commented:
is there any way to see the sender in the mainlog?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
jar3817Commented:
Not sure (I'm a Sendmail guy), but this command should show you queued messages with the sender and recipient addresses:

# exim -bp

So if you still have spam queued up, you can see the sender address
0
 
Kent OlsenData Warehouse Architect / DBACommented:
You should be able to look at the network packets and examine in incoming IP addresses.  If you're acting as an SMTP relay there should be a lot of connections from a single address.
0
 
jar3817Commented:
Try:

# netstat -an |grep :25

That'll show you active connections on port 25.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now