I just had a ticket come in regarding a user who just last week
started receiving a crazy amount of spam emails, something he has never
had an issue with. I checked the mail logs (/var/log/mail.log) and was
unable to find anything. I checked the spam emails the user still had
on his client and copied the message headers:

Return-Path: <hangza...@yahoo.com.cn>
X-Original-To: ba...@mydomain.com
Delivered-To: ba...@mydomain.com
Received: from localhost (localhost [127.0.0.1])
            by mail.mydomain.com (Postfix) with ESMTP id 052A51FA41E4
            for <ba...@mydomain.com>; Mon,  9 Mar 2009 06:54:05 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at mydomain.com
Received: from mail.mydomain.com ([127.0.0.1])
            by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id E5kf3dILFNtT for <ba...@mydomain.com>;
            Mon,  9 Mar 2009 06:54:04 -0400 (EDT)
Received: from mail.lkpp.gov.my (unknown [219.93.25.92])
            by mail.mydomain.com (Postfix) with ESMTP id ECD741FA413E
            for <ba...@mydomain.com>; Mon,  9 Mar 2009 06:54:03 -0400 (EDT)
Received: from lkpp.gov.my (localhost [127.0.0.1])
            by mail.lkpp.gov.my (Postfix) with ESMTP id 29335BE1F7;
            Mon,  9 Mar 2009 18:03:55 +0800 (MYT)
From: "Zaohang Lin" <hangza...@yahoo.com.cn>
Reply-To: hnagza...@yahoo.com.cn
Subject: I need your assistance please
Date: Mon, 9 Mar 2009 18:03:55 +0800
Message-Id: <20090309100355.m63...@yahoo.com.cn>
X-Mailer: OpenWebMail 2.53
X-OriginatingIP: 216.139.189.104 (sharifah)
MIME-Version: 1.0
Content-Type: text/plain;
            charset=utf-8
To: undisclosed-recipients:;

=======================================================

Return-Path: <nob...@topadmin.por.tw>
X-Original-To: ba...@mydomain.com
Delivered-To: ba...@mydomain.com
Received: from localhost (localhost [127.0.0.1])
            by mail.mydomain.com (Postfix) with ESMTP id 3B3311FA41E0
            for <ba...@mydomain.com>; Sun,  8 Mar 2009 19:42:37 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at mydomain.com
Received: from mail.mydomain.com ([127.0.0.1])
            by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id vYnvKEJBBnbB for <ba...@mydomain.com>;
            Sun,  8 Mar 2009 19:42:37 -0400 (EDT)
Received: from topadmin.por.tw (52.121.217.203.static.tcol.com.tw [203.217.121.52])
            by mail.mydomain.com (Postfix) with ESMTPS id 7C91D1FA4180
            for <ba...@mydomain.com>; Sun,  8 Mar 2009 19:42:36 -0400 (EDT)
Received: by topadmin.por.tw (Postfix, from userid 99)
            id 3B035C0C8B; Mon,  9 Mar 2009 07:41:12 +0800 (CST)
To: ba...@mydomain.com
Subject: Anticipating Your Prompt Response
From: GUY-PATRICE  LUMUMBA <guypatricelumu...@congo.gov>
Reply-To: guypatrice.lumu...@yahoo.com
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id: <20090308234115.3b035c0...@topadmin.por.tw>
Date: Mon,  9 Mar 2009 07:41:12 +0800 (CST)
X-ServerMaster-MailScanner-Information: Please contact the ISP for more information
X-ServerMaster-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-ServerMaster-MailScanner-SpamCheck:
X-MailScanner-From: nob...@topadmin.por.tw

==========================================================

Now I am wondering why I am unable to find any of these messages in my logs:

mail:~# cat /var/log/mail.log | grep -i 203.217.121.52
mail:~# cat /var/log/mail.log | grep -i 3B3311FA41E0
mail:~# cat /var/log/mail.log | grep -i guypatricelumu...@congo.gov

Am I searching for this incorrectly or in the wrong directory?  Thanks
for any help!

- Carlos
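
Added example (not part of the original post, and not the poster's code): a Python sketch that pulls the values Postfix would have logged (queue IDs and the remote client IP) out of the Received headers written by mail.mydomain.com, then searches every file matching a log glob. The function names are hypothetical, the recipient address is a placeholder because the page truncates it, and the glob /var/log/mail.log* with gzip-compressed rotated files is an assumption about the log layout.

```python
import glob, gzip, re

# Constructed sample: Received headers shaped like the second message above;
# user@mydomain.com is a placeholder for the truncated recipient.
HEADERS = """\
Received: from localhost (localhost [127.0.0.1])
    by mail.mydomain.com (Postfix) with ESMTP id 3B3311FA41E0
    for <user@mydomain.com>; Sun,  8 Mar 2009 19:42:37 -0400 (EDT)
Received: from mail.mydomain.com ([127.0.0.1])
    by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id vYnvKEJBBnbB for <user@mydomain.com>; Sun,  8 Mar 2009 19:42:37 -0400 (EDT)
Received: from topadmin.por.tw (52.121.217.203.static.tcol.com.tw [203.217.121.52])
    by mail.mydomain.com (Postfix) with ESMTPS id 7C91D1FA4180
    for <user@mydomain.com>; Sun,  8 Mar 2009 19:42:36 -0400 (EDT)
Received: by topadmin.por.tw (Postfix, from userid 99)
    id 3B035C0C8B; Mon,  9 Mar 2009 07:41:12 +0800 (CST)
"""

# One Postfix SMTP hop: captures client IP, the host that wrote it, queue ID.
HOP = re.compile(r"Received: from \S+ \((?:\S+ )?\[([\d.]+)\]\) by (\S+) "
                 r"\(Postfix\) with \S+ id ([0-9A-F]+)")

def search_keys(headers, our_host):
    """Queue IDs and non-loopback client IPs from the hops our_host recorded."""
    keys = []
    for line in re.sub(r"\n[ \t]+", " ", headers).splitlines():  # unfold
        m = HOP.match(line)
        if m and m.group(2) == our_host:  # skip hops other servers wrote
            keys.append(m.group(3))
            if not m.group(1).startswith("127."):
                keys.append(m.group(1))
    return keys

def read_logs(pattern):
    """Yield lines from every file matching pattern, including .gz files."""
    for path in sorted(glob.glob(pattern)):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh

def trace(lines, keys):
    """Return the log lines that mention any of the search keys."""
    return [l.rstrip("\n") for l in lines if any(k in l for k in keys)]

if __name__ == "__main__":
    keys = search_keys(HEADERS, "mail.mydomain.com")
    print("search keys:", keys)
    for hit in trace(read_logs("/var/log/mail.log*"), keys):  # assumed path
        print(hit)
```

The two queue IDs belong to the same message: one was assigned when the remote host delivered it, the other when it came back from amavisd-new on localhost, so both are worth searching for.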
