Can't Locate Local Spam Source
May 3, 2007
My server running and update CentOS 4.4. In the last hours lot of spam are being send form my server to the world. I'm unable to locate the source.
Sendmail is define to relay localhost, and it seems that the source is local!
It seem that all the email are send from apache@mydomain.com to user@mydomain.com
Sendmail is configure to accept for local delivery mail for domain mydomain.com
Here is trace of spam session:
Quote:
May 3 14:39:51 active sendmail[17696]: NOQUEUE: connect from mydomain.com [127.0.0.1]
May 3 14:39:51 active sendmail[17696]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 PLAIN ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: Milter: no active filter
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 220 mydomain.com ESMTP Sendmail 8.13.1/8.12.8; Thu, 3 May 2007 14:39:51 +0300
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- EHLO mydomain.com
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-mydomain.com Hello mydomain.com [127.0.0.1], pleased to meet you
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-ENHANCEDSTATUSCODES
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-PIPELINING
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-8BITMIME
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-SIZE
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-DSN
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-ETRN
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-AUTH DIGEST-MD5 CRAM-MD5
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-DELIVERBY
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 HELP
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- MAIL From:<apache@mydomain.com> SIZE=133 AUTH=apache@mydomain.com
May 3 14:39:51 active sendmail[17696]: ruleset=trust_auth, arg1=apache@mydomain.com, relay=mydomain.com [127.0.0.1], reject=550 5.7.1 <apache@mydomain.com>... not authenticated
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 2.1.0 <apache@mydomain.com>... Sender ok
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- RCPT To:<reports@mydomain.com>
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 2.1.5 <reports@mydomain.com>... Recipient ok
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- DATA
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 354 Enter mail, end with "." on a line by itself
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: from=<apache@mydomain.com>, size=410, class=0, nrcpts=1, msgid=<200705031139.l43BdpDW017695@mydomain.com>, proto=ESMTP, daemon=MTA, relay=mydomain.com [127.0.0.1]
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 2.0.0 l43Bdpg2017696 Message accepted for delivery
May 3 14:39:51 active sendmail[17696]: l43Bdpg3017696: <-- QUIT
May 3 14:39:51 active sendmail[17696]: l43Bdpg3017696: --- 221 2.0.0 mydomain.com closing connection
It seems the spam message BCC contain a lot of victims address, that not from mydomain.
Is some one connect form outside and spoof 127.0.0.1 ?
If it local process, ho do I locate it?
I scan /tmp and my web server root for suspicious file and didn't find nothing!
View 1 Replies
ADVERTISEMENT
Dec 4, 2008
Does anybody know of any open source Anti Spam gateway for mail servers? I have used MailCleaner and know how it works. Is there any other available?
View 3 Replies
View Related
Feb 20, 2008
I want to set up a dedicated server for spam and virus filtering (MX)
But i was wondering, is there a good opensource based tool for this?
View 14 Replies
View Related
May 13, 2007
I am trying to install the kernel source.
I have downloaded kernel-2.6.20-1.2948.fc6.src.rpm
I am using fedora 6 64bit.
here are my current kernels:
kernel-headers-2.6.20-1.2948.fc6
kernel-devel-2.6.20-1.2944.fc6
yum-kernel-module-1.0.3-1.fc6
kernel-2.6.20-1.2944.fc6
kernel-devel-2.6.20-1.2948.fc6
kernel-2.6.20-1.2948.fc6
here is what I seen when I installed kernel-2.6.20-1.2948.fc6.src.rpm
rpm -ivh kernel-2.6.20-1.2948.fc6.src.rpm
1:kernel warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
warning: user brewbuilder does not exist - using root
########################################### [100%]
warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
then when I ran:
rpmbuild -bp --target=$(uname -m) /usr/src/redhat/SPECS/kernel-2.6.spec
I seen this error:
+ Arch=x86_64
+ make ARCH=x86_64 nonint_oldconfig
In file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/include/arpa/inet.h:23,
from scripts/basic/fixdep.c:117:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93770 (%prep)
I need to have this installed to get a app installed etc...
suggestions or ideas?
thanks
View 2 Replies
View Related
May 23, 2007
How do I locate a list of files or folder with 777 permissions?
View 3 Replies
View Related
May 13, 2009
i got this error on some of the sites on my server
the script company says it's something wrong with perl
Code:
Can't locate Crypt/CipherSaber.pm in @INC (@INC contains: Plugins Modules /usr/local/lib/perl5/5.8.8/i686-linux /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/i686-linux /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl .) at Modules/Session.pm line 283.
View 3 Replies
View Related
Jul 7, 2008
I am trying to locate what large file are filling up the / on the server but I am having trouble using the find command to do this.
View 1 Replies
View Related
Oct 21, 2007
I am in the process of setting up a VPN server for a client who lives in a Middle Eastern country.
He will be using the VPN for all his internet surfing, email access, etc. (So the VPN will be his internet gateway. His local ISP connection will only be used to make the VPN connection.)
The majority of his internet surfing through the VPN will be to US websites.
Where is the best place to locate the VPN server? I have two datacenters available to choose from: USA or UK
View 8 Replies
View Related
Jul 10, 2014
When I enter my_domain.com the browser displays index.php located in httpdocs on my server. When I enter my_domain.com/main/ the browser displays another page, but there's no directory "main" in my httpdocs. Somehow it's redirected to another location (but in URL bar in the browser it's still my_comain.com/main/). I need to find that location.
As I searched through the web, such redirection can be made in .htaccess file, but I can't locate this one either. My server is Apache on CentOS6, and httpdocs directory is located in /var/www/vhosts/my_domain.com. I searched for .htaccess in several locations that I googled, I also tried executing "find / -type d -name '.htaccess'" on PuTTy, but it gives no results.
View 2 Replies
View Related
Dec 3, 2008
my system sometimes just hangs, until i manage to restart apache.
i believe one of my programs, most likely php scripts, has infinite loop, unfortunately i'm clueless which script, where.
View 3 Replies
View Related
May 10, 2008
I have a problem with my server
when I do
locate ***
-bash: locate: command not found
& I did
updatedb
-bash: updatedb: command not found
View 13 Replies
View Related
Apr 24, 2008
if anyone knew if with Network Solutions advanced hosting package on unix there was a way to store the documents outside of document root? If not is there a good way to secure a folder/files that is in the document root from users?
View 1 Replies
View Related
May 18, 2015
I am unable to locate the MSI install package for 2.4.12.
View 2 Replies
View Related
Nov 5, 2014
My System is a Windows Server 2012 r2 with Plesk 12.
On this system i have installed MailEnable as my Mailserver.
So at the moment something is spam on this server, but i can't find out who is it.
Received: from win02.XXXXXX([MY IP] helo=WIN02.home)
(envelope-from <root@XXXXXXXX>)
id 1XlyHP-00038b-R0
for x; Wed, 05 Nov 2014 11:57:37 +0100
[Code].....
The header is meaning that the spams come from root@, but there is no account with the name root@...
On linux it is so easy to find the spam with qmail or postfix. Why mailenable it is so difficult
View 3 Replies
View Related
Oct 17, 2009
I'm under the gun, and looking for a source for 40km and 80km XFPs (e.g. Finisar, Agilestar), who keeps them in stock and at a good price. I prefer to work with vendors who are subject to US law.
View 1 Replies
View Related
Jun 21, 2007
Does xensource support more than 3 ips per domU?
View 2 Replies
View Related
Jul 31, 2009
Anybody have a good source for APC cabinets? I need a full truck-load of AR3100.
View 12 Replies
View Related
Apr 14, 2009
I bought two Dell R200 because they was extremely cheap.
My target is Open Source SAN with active/passive setup.
Now i was wondering what RAID-level I should go for.
I will use 1TB SATA-II disks.
1) RAID-1 in both servers and mirror each other with DRBD.
With this setup i have like double RAID-1 so i lose lots of disk space.
4 disks -> 1TB
2) No-raid at all and i will mirror data with DRBD.
4 disks -> 2TB
Then there is change to go for RAID-5. Theres enough space to put third disk in that case
3) RAID-5 in both servers. Mirrors data with DRBD.
6 disks -> 2TB but more performance.
But in every setup i lose space more then i would like to.
Actually i dont need space more then 1TB, but i would like to get best possible redundancy and most space available i could.
Also need to remember that those servers does not support hot-plug HDs so in case there is disk-failure i need to be able to shutdown one server and iSCSI should still be up and running.
Of course theres change to make it active/active.
I was thinking that if I go for the RAID-5 I will make LVM-VG on both nodes (san-vg1 and san-vg2) and use it 50/50.
In case of fail both VG's will be used from working node.
Im going to use Debian Lenny I guess..
I was looking for OpenFiler because of the GUI, but im familiar with Debian and have always done everything from cmd.
View 1 Replies
View Related
Jan 20, 2008
Running ubuntu server 6 if I apt-get php5 the version I get is 5.1.2.
Now the latest version on the php.net site is 5.2.5.
Does it really make much of a difference if I'm slightly below current? What are your thoughts please?
I know if I go compiling from source php and mysql are difficult to get working together which is why I like the apt-get method.
View 1 Replies
View Related
Sep 25, 2007
Website source is a great hosting company! They host up to 8 domains for $107.00.. They have great customer service and they offer 24 hours online support.
View 6 Replies
View Related
Sep 22, 2007
an A/V kind of solution, that allows me to use my own custom signatures, etc. just wondered if such a thing existed.
View 2 Replies
View Related
Jun 10, 2007
does anybody have a script that can veiw the php source code before it runs to the server of an external site
View 1 Replies
View Related
Oct 1, 2009
I am looking for a opensource ftp client so I don't have to license a million computers with it. Any body have any good ones they can list?
View 14 Replies
View Related
