postfix
Evgeny Mikhalev, 2014-02-11 22:47:10

What should I do if spam is being sent through my server?

I have never been strong in setting up mail, I still can’t find the time to figure it out. That's what paid off.
Hetzner server. Blocked. I tried to set up mail following different manuals; as a result, on my server (Ubuntu Server) I got a mess of mail servers and settings for them.
Apparently someone hacked and started spamming.
I deleted all servers (postfix, exim, sendmail, dovecot) and the spam stopped. Recently there was a need to send letters from the site (alerts); I set up mail, with great difficulty.
I only need to send mail from sites. You don't need to take anything back.
Now there are Alpine (to read local mail), sendmail, sendmail-base, sendmail-bin (which, by the way, for some reason conflicts with postfix, which is not installed; I'm surprised myself), sendmail-cf, sendmail-mda and procmail.
How do I find the culprit? Maybe one of the client sites hosted on my server is spamming via PHP, or maybe someone from this whole mess of software is accepting mail for forwarding? What keywords should I watch the logs for?


1 answer(s)
Vlad Zhivotnev, 2014-02-12
@inkvizitor68sl

To start with, like this: https://debian.pro/1541, https://debian.pro/276
Then, if spam comes out (from mailboxes that you have allowed to send), then:
It will give you the names of php files that send letters (more precisely, this is for those letters that could not be sent, but if you are seriously spammed, then there will be mountains of letters).
You can insert the X-PHP-Originating-Script header into the logs so as not to search by hand.
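Added example, not part of the answer above: one way to rank PHP scripts by the number of messages carrying their `X-PHP-Originating-Script` header, which PHP writes as `<uid>:<script file>` when `mail.add_x_header = On` is set in php.ini. It assumes you pass it queued or saved message files as arguments; the function names and the sample messages are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: tally X-PHP-Originating-Script headers across message files.

# tally_php_senders FILE...
# Prints "<count> <uid> <script>" lines, busiest script first.
tally_php_senders() {
    # The pattern is not anchored to the start of the line, on the assumption
    # that some queue file formats prefix header lines with control characters.
    grep -h -i -o 'X-PHP-Originating-Script:[[:space:]]*[0-9]\{1,\}:[^[:space:]]\{1,\}' "$@" 2>/dev/null |
        sed 's/^[^:]*:[[:space:]]*//' |
        awk '{
            i = index($0, ":")                 # split "<uid>:<script>" at the first colon
            key = substr($0, 1, i - 1) " " substr($0, i + 1)
            n[key]++
        }
        END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k3,3
}

# make_sample_queue: writes constructed sample messages into a temp directory
# and prints its path, so the example runs offline.
make_sample_queue() {
    dir=$(mktemp -d) || return 1
    for n in 1 2 3; do
        printf 'To: a%s@example.org\nSubject: hi\nX-PHP-Originating-Script: 1001:contact.php\n\nbody\n' "$n" > "$dir/msg$n"
    done
    printf 'To: b@example.org\nX-PHP-Originating-Script: 1002:newsletter.php\n\nbody\n' > "$dir/msg4"
    printf 'To: c@example.org\nSubject: no PHP header\n\nbody\n' > "$dir/msg5"
    printf '%s\n' "$dir"
}

# When called with file arguments, tally them; with none, only define the functions.
if [ "$#" -gt 0 ]; then
    tally_php_senders "$@"
fi
```

The uid in each line maps to the system account that owns the site, which narrows the search to one client's document root.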
