[svlug] Figuring out who is spamming from my network???

Govind Tatachari govind_tatachari at yahoo.com
Wed May 23 12:27:04 PDT 2007 

Mark,

If you can, enable logging at the qmails (qmail-send) level.
You may need to recompile qmail-send to ensure you can capture the
details you want.

Thanks,
Govind

Mark <msalists at gmx.net> wrote:     No,  what I mean is the userid that is used to log into the SMTP  server.
 The ID  you set up in the email clients outgoing mail server  configuration.
  
 I  think what you are talking about is the sender's address - anybody can enter  anything, that is correct.
  
 MARK

 
       
---------------------------------
   From: Govind Tatachari    [mailto:govind_tatachari at yahoo.com] 
Sent: Wednesday, May 23, 2007    10:32 AM
To: Mark; svlug at lists.svlug.org
Subject: Re:    [svlug] Figuring out who is spamming from my network???


   
Mark,

I tried to get my hosting provider to help me identify    or provide details to
isolate identity of the spammer but no progress so    far. The main problem seems to be that userID can be constructed (using any    domainname) and used to send spam. Any spam prevention experts who can explain    how to prevent this ??

Thanks,
G

Mark    <msalists at gmx.net> wrote:
   Hi,

I      am trying to figure out who is using my server to send spam.

I got as      far as finding the log entries in the qmail logs ("mail.info") and identical      lines in the "messages" log. 
However, there is no user ID. 

How      can I find out the user id that was used to authenticate during the SMTP      session? I tried sending an email through the server
without      authenticating and the server rejected it, so whoever sent the email must      have authenticated. Unless there is a way around
the authentication that      I am not aware of.

I also found the corresponding "START: smtp" log      entry in the xinetd log, but no user ID here either.

Does qmail log      who authenticates, and if not can I make it do      it?

Thanks,

MARK


_______________________________________________
svlug      mailing      list
svlug at lists.svlug.org
http://lists.svlug.org/lists/listinfo/svlug


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.svlug.org/archives/svlug/attachments/20070523/03192bf1/attachment.htm

More information about the svlug mailing list