[svlug] Figuring out who is spamming from my network???
Mark
msalists at gmx.net
Wed May 23 11:08:02 PDT 2007
No, what I mean is the userid that is used to log into the SMTP server.
The ID you set up in the email clients outgoing mail server configuration.
I think what you are talking about is the sender's address - anybody can enter anything, that is correct.
MARK
_____
From: Govind Tatachari [mailto:govind_tatachari at yahoo.com]
Sent: Wednesday, May 23, 2007 10:32 AM
To: Mark; svlug at lists.svlug.org
Subject: Re: [svlug] Figuring out who is spamming from my network???
Mark,
I tried to get my hosting provider to help me identify or provide details to
isolate identity of the spammer but no progress so far. The main problem seems to be that userID can be constructed (using any
domainname) and used to send spam. Any spam prevention experts who can explain how to prevent this ??
Thanks,
G
Mark <msalists at gmx.net> wrote:
Hi,
I am trying to figure out who is using my server to send spam.
I got as far as finding the log entries in the qmail logs ("mail.info") and identical lines in the "messages" log.
However, there is no user ID.
How can I find out the user id that was used to authenticate during the SMTP session? I tried sending an email through the server
without authenticating and the server rejected it, so whoever sent the email must have authenticated. Unless there is a way around
the authentication that I am not aware of.
I also found the corresponding "START: smtp" log entry in the xinetd log, but no user ID here either.
Does qmail log who authenticates, and if not can I make it do it?
Thanks,
MARK
_______________________________________________
svlug mailing list
svlug at lists.svlug.org
http://lists.svlug.org/lists/listinfo/svlug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.svlug.org/archives/svlug/attachments/20070523/6343b1cf/attachment-0001.htm
More information about the svlug
mailing list