Can't Locate Local Spam Source

May 3, 2007

My server running and update CentOS 4.4. In the last hours lot of spam are being send form my server to the world. I'm unable to locate the source.
Sendmail is define to relay localhost, and it seems that the source is local!

It seem that all the email are send from apache@mydomain.com to user@mydomain.com
Sendmail is configure to accept for local delivery mail for domain mydomain.com
Here is trace of spam session:

Quote:

May 3 14:39:51 active sendmail[17696]: NOQUEUE: connect from mydomain.com [127.0.0.1]
May 3 14:39:51 active sendmail[17696]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 PLAIN ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: Milter: no active filter
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 220 mydomain.com ESMTP Sendmail 8.13.1/8.12.8; Thu, 3 May 2007 14:39:51 +0300
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- EHLO mydomain.com
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-mydomain.com Hello mydomain.com [127.0.0.1], pleased to meet you
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-ENHANCEDSTATUSCODES
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-PIPELINING
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-8BITMIME
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-SIZE
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-DSN
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-ETRN
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-AUTH DIGEST-MD5 CRAM-MD5
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250-DELIVERBY
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 HELP
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- MAIL From:<apache@mydomain.com> SIZE=133 AUTH=apache@mydomain.com
May 3 14:39:51 active sendmail[17696]: ruleset=trust_auth, arg1=apache@mydomain.com, relay=mydomain.com [127.0.0.1], reject=550 5.7.1 <apache@mydomain.com>... not authenticated
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 2.1.0 <apache@mydomain.com>... Sender ok
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- RCPT To:<reports@mydomain.com>
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 2.1.5 <reports@mydomain.com>... Recipient ok
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: <-- DATA
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 354 Enter mail, end with "." on a line by itself
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: from=<apache@mydomain.com>, size=410, class=0, nrcpts=1, msgid=<200705031139.l43BdpDW017695@mydomain.com>, proto=ESMTP, daemon=MTA, relay=mydomain.com [127.0.0.1]
May 3 14:39:51 active sendmail[17696]: l43Bdpg2017696: --- 250 2.0.0 l43Bdpg2017696 Message accepted for delivery
May 3 14:39:51 active sendmail[17696]: l43Bdpg3017696: <-- QUIT
May 3 14:39:51 active sendmail[17696]: l43Bdpg3017696: --- 221 2.0.0 mydomain.com closing connection

It seems the spam message BCC contain a lot of victims address, that not from mydomain.

Is some one connect form outside and spoof 127.0.0.1 ?

If it local process, ho do I locate it?

I scan /tmp and my web server root for suspicious file and didn't find nothing!

View 1 Replies


ADVERTISEMENT

Open Source Anti Spam Gateway

Dec 4, 2008

Does anybody know of any open source Anti Spam gateway for mail servers? I have used MailCleaner and know how it works. Is there any other available?

View 3 Replies View Related

Open Source Anti-spam/virus Server?

Feb 20, 2008

I want to set up a dedicated server for spam and virus filtering (MX)

But i was wondering, is there a good opensource based tool for this?

View 14 Replies View Related

Kernel Source Install Help Needed On Fc6 X64I Am Trying To Install The Kernel Source.

May 13, 2007

I am trying to install the kernel source.
I have downloaded kernel-2.6.20-1.2948.fc6.src.rpm
I am using fedora 6 64bit.
here are my current kernels:

kernel-headers-2.6.20-1.2948.fc6
kernel-devel-2.6.20-1.2944.fc6
yum-kernel-module-1.0.3-1.fc6
kernel-2.6.20-1.2944.fc6
kernel-devel-2.6.20-1.2948.fc6
kernel-2.6.20-1.2948.fc6


here is what I seen when I installed kernel-2.6.20-1.2948.fc6.src.rpm

rpm -ivh kernel-2.6.20-1.2948.fc6.src.rpm
1:kernel warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
warning: user brewbuilder does not exist - using root
########################################### [100%]
warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root


then when I ran:
rpmbuild -bp --target=$(uname -m) /usr/src/redhat/SPECS/kernel-2.6.spec

I seen this error:
+ Arch=x86_64
+ make ARCH=x86_64 nonint_oldconfig
In file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/include/arpa/inet.h:23,
from scripts/basic/fixdep.c:117:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93770 (%prep)


I need to have this installed to get a app installed etc...
suggestions or ideas?
thanks

View 2 Replies View Related

How Do I Locate 777 Files

May 23, 2007

How do I locate a list of files or folder with 777 permissions?

View 3 Replies View Related

Can't Locate Crypt/CipherSaber.pm

May 13, 2009

i got this error on some of the sites on my server

the script company says it's something wrong with perl

Code:
Can't locate Crypt/CipherSaber.pm in @INC (@INC contains: Plugins Modules /usr/local/lib/perl5/5.8.8/i686-linux /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/i686-linux /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl .) at Modules/Session.pm line 283.

View 3 Replies View Related

Locate Large Files

Jul 7, 2008

I am trying to locate what large file are filling up the / on the server but I am having trouble using the find command to do this.

View 1 Replies View Related

What Country To Locate This VPN Server In

Oct 21, 2007

I am in the process of setting up a VPN server for a client who lives in a Middle Eastern country.

He will be using the VPN for all his internet surfing, email access, etc. (So the VPN will be his internet gateway. His local ISP connection will only be used to make the VPN connection.)

The majority of his internet surfing through the VPN will be to US websites.

Where is the best place to locate the VPN server? I have two datacenters available to choose from: USA or UK

View 8 Replies View Related

Apache :: Need To Locate A Directory

Jul 10, 2014

When I enter my_domain.com the browser displays index.php located in httpdocs on my server. When I enter my_domain.com/main/ the browser displays another page, but there's no directory "main" in my httpdocs. Somehow it's redirected to another location (but in URL bar in the browser it's still my_comain.com/main/). I need to find that location.

As I searched through the web, such redirection can be made in .htaccess file, but I can't locate this one either. My server is Apache on CentOS6, and httpdocs directory is located in /var/www/vhosts/my_domain.com. I searched for .htaccess in several locations that I googled, I also tried executing "find / -type d -name '.htaccess'" on PuTTy, but it gives no results.

View 2 Replies View Related

Apache/php Locate Infnite Loop

Dec 3, 2008

my system sometimes just hangs, until i manage to restart apache.

i believe one of my programs, most likely php scripts, has infinite loop, unfortunately i'm clueless which script, where.

View 3 Replies View Related

Bash: Locate: Command Not Found

May 10, 2008

I have a problem with my server

when I do

locate ***

-bash: locate: command not found

& I did

updatedb

-bash: updatedb: command not found

View 13 Replies View Related

Network Solutions - Locate Files Outside Of Doc Root

Apr 24, 2008

if anyone knew if with Network Solutions advanced hosting package on unix there was a way to store the documents outside of document root? If not is there a good way to secure a folder/files that is in the document root from users?

View 1 Replies View Related

Apache :: Unable To Locate MSI Install Package For 2.4.12

May 18, 2015

I am unable to locate the MSI install package for 2.4.12.

View 2 Replies View Related

Plesk 12.x / Windows :: MailEnable Locate Spammer

Nov 5, 2014

My System is a Windows Server 2012 r2 with Plesk 12.

On this system i have installed MailEnable as my Mailserver.

So at the moment something is spam on this server, but i can't find out who is it.

Received: from win02.XXXXXX([MY IP] helo=WIN02.home)
(envelope-from <root@XXXXXXXX>)
id 1XlyHP-00038b-R0
for x; Wed, 05 Nov 2014 11:57:37 +0100

[Code].....

The header is meaning that the spams come from root@, but there is no account with the name root@...

On linux it is so easy to find the spam with qmail or postfix. Why mailenable it is so difficult

View 3 Replies View Related

XFP Source?

Oct 17, 2009

I'm under the gun, and looking for a source for 40km and 80km XFPs (e.g. Finisar, Agilestar), who keeps them in stock and at a good price. I prefer to work with vendors who are subject to US law.

View 1 Replies View Related

XEN Source Max Ips

Jun 21, 2007

Does xensource support more than 3 ips per domU?

View 2 Replies View Related

APC Cabinet Source

Jul 31, 2009

Anybody have a good source for APC cabinets? I need a full truck-load of AR3100.

View 12 Replies View Related

Open Source SAN

Apr 14, 2009

I bought two Dell R200 because they was extremely cheap.

My target is Open Source SAN with active/passive setup.

Now i was wondering what RAID-level I should go for.

I will use 1TB SATA-II disks.

1) RAID-1 in both servers and mirror each other with DRBD.
With this setup i have like double RAID-1 so i lose lots of disk space.
4 disks -> 1TB

2) No-raid at all and i will mirror data with DRBD.
4 disks -> 2TB

Then there is change to go for RAID-5. Theres enough space to put third disk in that case

3) RAID-5 in both servers. Mirrors data with DRBD.
6 disks -> 2TB but more performance.

But in every setup i lose space more then i would like to.

Actually i dont need space more then 1TB, but i would like to get best possible redundancy and most space available i could.

Also need to remember that those servers does not support hot-plug HDs so in case there is disk-failure i need to be able to shutdown one server and iSCSI should still be up and running.

Of course theres change to make it active/active.

I was thinking that if I go for the RAID-5 I will make LVM-VG on both nodes (san-vg1 and san-vg2) and use it 50/50.

In case of fail both VG's will be used from working node.

Im going to use Debian Lenny I guess..

I was looking for OpenFiler because of the GUI, but im familiar with Debian and have always done everything from cmd.

View 1 Replies View Related

Apt-get Php5 Or From Source

Jan 20, 2008

Running ubuntu server 6 if I apt-get php5 the version I get is 5.1.2.

Now the latest version on the php.net site is 5.2.5.

Does it really make much of a difference if I'm slightly below current? What are your thoughts please?

I know if I go compiling from source php and mysql are difficult to get working together which is why I like the apt-get method.

View 1 Replies View Related

Website Source

Sep 25, 2007

Website source is a great hosting company! They host up to 8 domains for $107.00.. They have great customer service and they offer 24 hours online support.

View 6 Replies View Related

Open Source A/V

Sep 22, 2007

an A/V kind of solution, that allows me to use my own custom signatures, etc. just wondered if such a thing existed.

View 2 Replies View Related

Php Source Code

Jun 10, 2007

does anybody have a script that can veiw the php source code before it runs to the server of an external site

View 1 Replies View Related

Open Source FTP Client

Oct 1, 2009

I am looking for a opensource ftp client so I don't have to license a million computers with it. Any body have any good ones they can list?

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved