The Planet Forums > Trying to find the SPAMMER

Full Version: Trying to find the SPAMMER

The Planet Forums > System Administration > Mail Hosting

lindem

Jan 24 2007, 02:15 PM

Hello.

My server has been affected by a SPAMMER. This SPAMMER always send thousands of emails with the same thing but I don't know what user is using his account to do that. All emails comes with (I saw that using WHM > Mail Queue Manager):

--------------------------------
Displaying Message ID 1H9jYa-0002Yv-5u

Main >> Email >> Mail Queue Manager
Delete Message | Deliver Message Now | Return to Mail Queue 1H9jYa-0002Yv-5u-H
mailnull 47 12
<>
1169650620 0
-ident mailnull
-received_protocol local
-body_linecount 151
-allow_unqualified_recipient
-allow_unqualified_sender
-localerror
XX
1
infohd2007@gmaiI.com

157P Received: from mailnull by linux.MYDOMAINNAMEGOESHERE.org with local (Exim 4.63)
id 1H9jYa-0002Yv-5u
for infohd2007@gmaiI.com; Wed, 24 Jan 2007 12:57:00 -0200
039 X-Failed-Recipients: amantedf@loja.net
029 Auto-Submitted: auto-replied
070F From: Mail Delivery System <Mailer-Daemon@linux.MYDOMAINNAMEGOESHERE.org>
025T To: infohd2007@gmaiI.com
059 Subject: Mail delivery failed: returning message to sender
059I Message-Id: <E1H9jYa-0002Yv-5u@linux.MYDOMAINNAMEGOESHERE.org>
038 Date: Wed, 24 Jan 2007 12:57:00 -0200

1H9jYa-0002Yv-5u-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

amantedf@loja.net
SMTP error from remote mail server after RCPT TO:<amantedf@loja.net>:
host mail.loja.net [209.63.57.99]: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

------ This is a copy of the message, including all the headers. ------

Return-path: <infohd2007@gmaiI.com>
Received: from c9532b8c.virtua.com.br ([201.83.43.140] helo=201.83.43.140)
by linux.MYDOMAINNAMEGOESHERE.org with smtp (Exim 4.63)
(envelope-from <infohd2007@gmaiI.com>)
id 1H9jY3-0002Ju-J5
for amantedf@loja.net; Wed, 24 Jan 2007 12:56:46 -0200
From: "AGLOCO" <infohd2007@gmaiI.com>
To: <amantedf@loja.net>
Subject: Essa você não pode perder!!!
Sender: "AGLOCO" <infohd2007@gmaiI.com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="= Multipart Boundary 0124071257"
Date: Wed, 24 Jan 2007 12:57:31 -0200
Reply-To: "AGLOCO" <infohd2007@gmaiI.com>

This is a multipart MIME message.

--= Multipart Boundary 0124071257
Content-Type: text/plain;
charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
---------------------------------

How could I see what account in my server is spamming? Please give me some help.

Regards.
Thiago.

doncamillo

May 13 2008, 08:13 AM

I have the same problem. Is there any solution?

wshawn

May 31 2008, 09:19 PM

http://www.reedmedia.net/software/sendmail_stats/

Follow the directions and wait around a minute to run. This thing is quite sweet.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.