[lug] Re: Email spam

Matt Armstrong matt at lickey.com
Thu Apr 25 11:31:10 MDT 2002


"Justin" <glow at jackmoves.com> writes:

> Hmm, yes I've been thinking about switching my webmail software for
> quite a while since he stopped working on it. Just need to find
> something that seem transparent to all the users when it's upgraded
> (ie: all their mail will be where is should be :) ).
>
> I found a couple more interesting parts of my maillog concerning the
> www account just a little while ago. Seems like my server is being
> used to spam other email too?
>
> Apr 25 10:20:30 oldschool postfix/pickup[16980]: AEA593D47: uid=80 
> from=<www>
> Apr 25 10:20:30 oldschool postfix/cleanup[17497]: AEA593D47: message-
> id=<200204251
> 62030.AEA593D47 at oldschool.jackmoves.com>
> Apr 25 10:20:30 oldschool postfix/qmgr[23379]: AEA593D47: 
> from=<www at jackmoves.com>
> , size=512, nrcpt=1 (queue active)
> Apr 25 10:20:32 oldschool postfix/smtp[17503]: AEA593D47: 
> to=<daddyjb at zone-killer.
> com>, relay=mail.streetwarz.com[140.99.13.42], delay=2, status=sent 
> (250 ok 101975
> 1721 qp 40795)

You could look at your apache web log to see if anybody is accessing a
CGI at the same time these are being generated.  That might help
determine if this is neomail or not.

-- 
matt



More information about the LUG mailing list