Solved

Help with exim_mainlog

Posted on 2010-09-13
Last Modified: 2013-11-30
Someone is sending a ton of spam out from my server but I can't figure out who the sender is. I attached a few lines from my log. The sender appears to be 1Ounp6-0008So-0z. Is that some sort of ID created by exim?

Thank you

2010-09-13 09:15:01 1Ounp6-0008So-0z => piggotwe@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-v01.prod.mesa1.secureserver.net [64.202.189.86]*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> labastwa@carec.paho.org R=send_to_smart_host T=remote_smtp H=k2smtpout-v01.prod.mesa1.secureserver.net [64.202.189.86]*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> anguilla.chamber@gcc.net R=send_to_smart_host T=remote_smtp H=k2smtpout-v01.prod.mesa1.secureserver.net [64.202.189.86]*

Question by:itsofmi
6 Comments
 
LVL 45

Expert Comment

by:Kdo
ID: 33662366
Hi itsofmi,

You probably have SMTP relay enabled.  Some spammer is just routing his mail through you to mask his true identity.


Kent
0
 
LVL 26

Expert Comment

by:jar3817
ID: 33663172
1Ounp6-0008So-0z is the message id...
0
 
LVL 3

Author Comment

by:itsofmi
ID: 33663267
Is there any way to see the sender in the mainlog?
0
 
LVL 26

Expert Comment

by:jar3817
ID: 33663708
Not sure (I'm a Sendmail guy), but this command should show you queued messages with the sender and recipient addresses:

# exim -bp

So if you still have spam queued up, you can see the sender address.
0
 
LVL 45

Accepted Solution

by:
Kdo earned 250 total points
ID: 33664406
You should be able to look at the network packets and examine the incoming IP addresses.  If you're acting as an SMTP relay there should be a lot of connections from a single address.
0
 
LVL 26

Assisted Solution

by:jar3817
jar3817 earned 250 total points
ID: 33664427
Try:

# netstat -an |grep :25

That'll show you active connections on port 25.
0
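
On the question of seeing the sender in the mainlog: the `<=` arrival line that shares a message ID with the `=>`/`->` delivery lines carries the envelope sender and how the message was submitted (U= local user, A= SMTP authenticator, H= remote host). The following is an added example, not part of the original thread; the log lines are constructed (only the ID 1Ounp6-0008So-0z is from the question), the helper names are hypothetical, and it assumes the 16-character message ID format shown above.

```python
import re

# Constructed sample in exim_mainlog format. Only the ID 1Ounp6-0008So-0z is
# from the thread; addresses, hosts and the other IDs are made up.
SAMPLE_LOG = """\
2010-09-13 09:14:58 1Ounp6-0008So-0z <= webuser@host.example.com U=webuser P=local S=2113
2010-09-13 09:15:01 1Ounp6-0008So-0z => a@example.net R=send_to_smart_host T=remote_smtp H=relay.example.org [192.0.2.10]*
2010-09-13 09:15:01 1Ounp6-0008So-0z -> b@example.net R=send_to_smart_host T=remote_smtp H=relay.example.org [192.0.2.10]*
2010-09-13 09:15:02 1Ounp6-0008So-0z Completed
2010-09-13 09:16:10 1OunqB-0008Tz-3k <= alice@example.com H=(laptop) [198.51.100.23] P=esmtpa A=plain:alice S=901
2010-09-13 09:16:11 1OunqB-0008Tz-3k => bob@example.net R=send_to_smart_host T=remote_smtp H=relay.example.org [192.0.2.10]
2010-09-13 09:17:40 1OunrX-0008Ua-7q <= x@example.org H=(mail) [203.0.113.9] P=esmtp S=700
2010-09-13 09:17:41 1OunrX-0008Ua-7q => carol@example.net R=send_to_smart_host T=remote_smtp H=relay.example.org [192.0.2.10]
"""

ENTRY = re.compile(r"^\S+ \S+ (\w{6}-\w{6}-\w{2}) (<=|=>|->) (\S+)(.*)$")
FIELD = re.compile(r" ([A-Z])=(\S+)")
ADDR = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def trace_senders(log_text):
    """Map each message ID to its sender, submission origin and recipients."""
    msgs = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # "Completed", rejections, daemon notices, etc.
        msg_id, flag, address, rest = m.groups()
        msg = msgs.setdefault(msg_id, {"sender": None, "origin": None, "rcpts": []})
        if flag != "<=":
            msg["rcpts"].append(address)  # "=>" and "->" are deliveries
            continue
        fields = dict(FIELD.findall(rest))
        msg["sender"] = address  # envelope sender; "<>" means a bounce
        if "A" in fields:  # authenticated SMTP: a mailbox credential is in use
            msg["origin"] = "auth " + fields["A"]
        elif fields.get("P") == "local":  # submitted on this host (script, cron, shell)
            msg["origin"] = "local user " + fields.get("U", "?")
        elif (ip := ADDR.search(rest)):  # unauthenticated SMTP: review relay rules
            msg["origin"] = "remote host " + ip.group(1)
    return msgs

def rank_by_recipients(msgs):
    """Message IDs ordered by delivery count, busiest first."""
    return sorted(msgs, key=lambda i: len(msgs[i]["rcpts"]), reverse=True)

if __name__ == "__main__":
    traced = trace_senders(SAMPLE_LOG)
    for msg_id in rank_by_recipients(traced):
        print(msg_id, traced[msg_id]["sender"], traced[msg_id]["origin"])
```

Run against the real log by passing the contents of exim_mainlog to `trace_senders`; the origin label indicates whether to look at a local account or script, a compromised mailbox password, or the relay configuration.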
