Spam from your server?
Written on 3:41 PM by David S Anand
If you are worried about spam originating from your box, there are a few
steps you can take to track down the abuser.
1. Be sure that you have disabled the PHP mail() function and enabled SMTP authentication.
2. Check the headers of the spam report. If you see that the X-Mailer is The Bat!, or
the origin is missing, or there are some hex values, then you will have to dig into the logs.
3. When you see that the mailer is The Bat! or hex values, scan the recent
FTP logs rather than the mail logs, since the mails don't have any specific sender.
4. Now search your FTP logs for .cgi and .pl files that have been uploaded
in the past 5 - 10 days.
5. Some of the common names would be dark.pl, etc.
6. If you are lucky, you will log in to the box while the spamming is going on,
for example on seeing a huge mail load. Then it is easy: a ps command will show
you which user is abusing the server.
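For steps 3 to 5, one way to run the FTP log search, as an added example that is not part of the original post. It assumes the FTP daemon writes the standard xferlog format (the post does not name a daemon); the function names, the cutoff argument and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the FTP daemon logs in
# the standard xferlog format; log path and sample lines below are constructed.

# find_script_uploads CUTOFF [LOGFILE...]  (CUTOFF = YYYYMMDD, oldest day kept)
# Prints "date ftp-user remote-host path" for each uploaded .pl/.cgi file.
find_script_uploads() {
    cutoff=$1; shift
    awk -v cutoff="$cutoff" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= 12; i++) month[names[i]] = i
    }
    NF >= 18 {
        # Fields 1-5 hold the timestamp, e.g. "Mon Mar  3 02:14:07 2025".
        day = ($5 * 10000) + (month[$2] * 100) + $3
        # Trailing fields are fixed, so index them from the end of the line.
        direction = $(NF - 6); user = $(NF - 4); host = $7
        # The path starts at field 9; rejoin it in case it contains spaces.
        path = $9
        for (i = 10; i <= NF - 9; i++) path = path " " $i
        # direction "i" is an incoming transfer, i.e. an upload to the server.
        if (direction == "i" && day >= cutoff && tolower(path) ~ /\.(pl|cgi)$/)
            printf "%04d-%02d-%02d %s %s %s\n", $5, month[$2], $3, user, host, path
    }' "$@"
}

# Constructed sample log: one old upload, one image, one download, two hits.
sample_xferlog() {
    cat <<'EOF'
Mon Feb 10 09:12:44 2025 1 203.0.113.7 4821 /home/alice/public_html/cgi-bin/form.cgi a _ i r alice ftp 0 * c
Mon Mar  3 02:14:07 2025 1 198.51.100.23 15872 /home/bob/public_html/cgi-bin/dark.pl a _ i r bob ftp 0 * c
Tue Mar  4 11:30:02 2025 2 192.0.2.50 20480 /home/carol/public_html/logo.png b _ i r carol ftp 0 * c
Wed Mar  5 08:01:19 2025 1 192.0.2.50 912 /home/carol/public_html/cgi-bin/counter.cgi a _ o r carol ftp 0 * c
Thu Mar  6 23:47:55 2025 1 198.51.100.23 3310 /home/bob/public_html/cgi-bin/mail.CGI a _ i r bob ftp 0 * c
EOF
}

# Real use (GNU date; log path varies by daemon and distribution):
#   find_script_uploads "$(date -d '10 days ago' +%Y%m%d)" /var/log/xferlog
sample_xferlog | find_script_uploads 20250225
```

The FTP user and remote host in each hit tell you which account to lock and which uploaded file to inspect before looking at the running processes in step 6.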
I use Nagios to monitor the mail queue of the server, so if the mail queue hits
the limit I check the box. I am still looking for other ways to track down these spammers.
