Help with exim_mainlog

Posted on 2010-09-13
Medium Priority
Last Modified: 2013-11-30
Someone is sending a ton of spam out from my server but I can't figure out who the sender is. I attached a few lines from my log. The sender appears to be 1Ounp6-0008So-0z, is that some sort of ID created by exim?

Thank you

2010-09-13 09:15:01 1Ounp6-0008So-0z => piggotwe@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-                                              v01.prod.mesa1.secureserver.net []*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> labastwa@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-                                              v01.prod.mesa1.secureserver.net []*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> anguilla.chamber@gcc.net R=send_to_smart_host T=remote_smtp H=k2smtpout                                              -v01.prod.mesa1.secureserver.net []*

Open in new window

Question by:itsofmi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 46

Expert Comment

by:Kent Olsen
ID: 33662366
Hi itsofmi,

You probably have SMTP relay enabled.  Some spammer is just routing his mail through you to mask his true identity.

LVL 26

Expert Comment

ID: 33663172
1Ounp6-0008So-0z is the message id...

Author Comment

ID: 33663267
is there any way to see the sender in the mainlog?
Certified OpenStack Administrator Course

We just refreshed our COA course based on the Newton exam.  With 14 labs, this course goes over the different OpenStack services that are part of the certification: Dashboard, Identity Service, Image Service, Networking, Compute, Object Storage, Block Storage, and Orchestration.

LVL 26

Expert Comment

ID: 33663708
Not sure (I'm a Sendmail guy), but this command should show you queued messages with the sender and recipient addresses:

# exim -bp

So if you still have spam queued up, you can see the sender address
LVL 46

Accepted Solution

Kent Olsen earned 1000 total points
ID: 33664406
You should be able to look at the network packets and examine in incoming IP addresses.  If you're acting as an SMTP relay there should be a lot of connections from a single address.
LVL 26

Assisted Solution

jar3817 earned 1000 total points
ID: 33664427

# netstat -an |grep :25

That'll show you active connections on port 25.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses
Course of the Month11 days, 9 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question