On Wednesday 11 November 2009 06:14:08
dhottin...@harrisonburg.k12.va.us wrote:
> Quoting Stan Hoeppner <s...@hardwarefreak.com>:
> > You should be concentrating your focus on the "Senders by
> > message count" section.
>
> Wouldnt the logwatch from the server list top users by emails?
Perhaps, but I missed the part where the OP mentioned that he was
using logwatch. Nevertheless I fail to see the relevance. Possibly
the OP's system is spewing spam, and all the helpful advice given in
this thread has gotten the OP not one bit closer to finding the
perpetrator and fixing the problem.
"Senders by message count" is ENVELOPE SENDER, in the case of spam,
completely useless. If the OP has, as I might guess, a compromised
httpd + PHP script, for example, the envelope sender will probably
change for EACH spam it sends.
Absolute rubbish. I will say that pflogsumm.pl is a fine tool, but
the suggestion thereof, and this entire thread, has been nothing but
a distraction from the work that the OP needs to do immediately.
I wrote:
> > What are some things I should be looking for in the pflogsumm.pl
> > report?
>
> 0. Not the summary, look at the actual logs.
> 1. Find a suspected spam. This will be easy if you start with one
> that was rejected by Verizon or other operator.
> 2. Trace that back to where it entered the queue.
> 3. Apply LART as necessary.
> 4. Review DEBUG_README.html#mail if questions still exist at this
> point. You can mung a specific email address if desired, but
> domain names and IP addresses might be very important.
One step I neglected to mention in my previous post: "postfix stop".
Your damage increases with every spam you send.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
