[svlug] Figuring out who is spamming from my network???
Mark
msalists at gmx.net
Wed May 23 10:00:03 PDT 2007
Hi,
I am trying to figure out who is using my server to send spam.
I got as far as finding the log entries in the qmail logs ("mail.info") and identical lines in the "messages" log.
However, there is no user ID.
How can I find out the user id that was used to authenticate during the SMTP session? I tried sending an email through the server
without authenticating and the server rejected it, so whoever sent the email must have authenticated. Unless there is a way around
the authentication that I am not aware of.
I also found the corresponding "START: smtp" log entry in the xinetd log, but no user ID here either.
Does qmail log who authenticates, and if not can I make it do it?
Thanks,
MARK
More information about the svlug
mailing list