On 11/11/09 7:55 AM, "/dev/rob0" <r...@gmx.co.uk> wrote: > On Wednesday 11 November 2009 06:14:08 > dhottin...@harrisonburg.k12.va.us wrote: >> Quoting Stan Hoeppner <s...@hardwarefreak.com>: >>> You should be concentrating your focus on the "Senders by >>> message count" section. >> >> Wouldnt the logwatch from the server list top users by emails? > > Perhaps, but I missed the part where the OP mentioned that he was > using logwatch. Not using logwatch that I know of.
> Nevertheless I fail to see the relevance. Possibly > the OP's system is spewing spam, and all the helpful advice given in > this thread has gotten the OP not one bit closer to finding the > perpetrator and fixing the problem. No, the advice here has helped with troubleshooting where the spam is coming from or finding the compromised system/script > "Senders by message count" is ENVELOPE SENDER, in the case of spam, > completely useless. If the OP has, as I might guess, a compromised > httpd + PHP script, for example, the envelope sender will probably > change for EACH spam it sends. Looking into this now > > Absolute rubbish. I will say that pflogsumm.pl is a fine tool, but > the suggestion thereof, and this entire thread, has been nothing but > a distraction from the work that the OP needs to do immediately. > > I wrote: >>> What are some things I should be looking for in the pflogsumm.pl >>> report? >> >> 0. Not the summary, look at the actual logs. >> 1. Find a suspected spam. This will be easy if you start with one >> that was rejected by Verizon or other operator. >> 2. Trace that back to where it entered the queue. >> 3. Apply LART as necessary. >> 4. Review DEBUG_README.html#mail if questions still exist at this >> point. You can mung a specific email address if desired, but >> domain names and IP addresses might be very important. > > One step I neglected to mention in my previous post: "postfix stop". > Your damage increases with every spam you send. I don't believe this hosting service will want to kill email but will bring it to their attention
