Open relay?
Maxim Sorokin
max at horosh.ru
Mon Mar 6 16:04:06 CET 2006
> > Several providers wrote us that a lot of spam started to go through
> > our server about 1 month ago.
> > How can I check is it security bug or settings? May be some
> users got
> > a virus or trojan - how to check their IP?
> > We checked that the server is NOT open relay (directly, but I know
> > there are some ways to change headers and use non-open relay).
> > Check Postfix log?
> >
>
> Check the postfix log. It will give you some answers.
Thank you Andy.
I could find the records about this queue, but how can I find local user?
For example the spam header is:
Received: from localhost (localhost [127.0.0.1])
by mx.xxx.ru (Postfix) with ESMTP id 49C671BD951;
Mon, 6 Mar 2006 04:56:26 +0300 (MSK)
And the record in the Postfix log:
Mar 06 11:16:26 mx <info> postfix/qmgr[2177]: 49C671BD951: from
<info at turtleback.net>, size=3834, nrcpt=37 (queue active)
IP-????
Max
More information about the users
mailing list