[plug] any advice

Patrick Coleman blinken at gmail.com
Fri Aug 6 15:04:35 WST 2010


On Fri, Aug 6, 2010 at 2:05 PM, Jon L Miller
<jlmiller at mmtnetworks.com.au> wrote:
> I did a capture on the mailserver and this is what one of the streams
> produced.
> 220 mmtlnx.mmtnetworks.com.au ESMTP Postfix

If you're running Postfix, looking at /var/log/mail.log will tell you
the IP of the machine sending your mailserver the spammy email. Lines
like:

Aug  6 14:41:28 shell postfix/smtpd[2692]: A89BF6057: client=na3sys009amx258.postini.com[74.125.149.142]
Aug  6 14:41:31 shell postfix/cleanup[4068]: A89BF6057: message-id=<20100806064116.6065C54136 at i4-m3.sendgrid.net>
Aug  6 14:41:31 shell postfix/qmgr[1130]: A89BF6057: from=<fakespamdomain at spamspamspam.com>, size=12473, nrcpt=1 (queue active)
Aug  6 14:41:31 shell deliver(pcoleman at labyrinthdata.net.au): msgid=<20100806064116.6065C54136 at i4-m3.sendgrid.net>: saved mail to INBOX
Aug  6 14:41:31 shell postfix/pipe[4069]: A89BF6057: to=<pcoleman at labyrinthdata.net.au>, relay=virtual, delay=6.6, delays=6.5/0.01/0/0.09, dsn=2.0.0, status=sent (delivered via virtual service)
Aug  6 14:41:31 shell postfix/qmgr[1130]: A89BF6057: removed
Aug  6 14:41:32 shell postfix/smtpd[2692]: disconnect from na3sys009amx258.postini.com[74.125.149.142]

...indicate that 74.125.149.142 connected, and gave you a message from
fakespamdomain at spamspamspam.com, to pcoleman at labyrinthdata.net.au.

Hope that helps?

Cheers,

Patrick


http://www.labyrinthdata.net.au - WA Backup, Web and VPS Hosting
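
The correlation described in the message above (tying the connecting IP to the sender and recipients through the shared queue ID), as an added example that is not part of the original post. The log lines are constructed samples, the function names are hypothetical, and it assumes Postfix short (uppercase hex) queue IDs like the one in the excerpt.

```python
import re
from collections import defaultdict

# Constructed sample log (hosts, addresses and queue IDs are made up;
# the IPs come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Aug  6 14:41:28 mx postfix/smtpd[2692]: A89BF6057: client=relay.example.net[192.0.2.10]
Aug  6 14:41:31 mx postfix/qmgr[1130]: A89BF6057: from=<bulk@spam.example>, size=12473, nrcpt=1 (queue active)
Aug  6 14:41:31 mx postfix/pipe[4069]: A89BF6057: to=<user@example.org>, relay=virtual, delay=6.6, dsn=2.0.0, status=sent (delivered via virtual service)
Aug  6 14:42:02 mx postfix/smtpd[2701]: B12CD7788: client=unknown[198.51.100.7]
Aug  6 14:42:03 mx postfix/qmgr[1130]: B12CD7788: from=<>, size=2048, nrcpt=2 (queue active)
Aug  6 14:42:03 mx postfix/smtp[4100]: B12CD7788: to=<a@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
Aug  6 14:42:04 mx postfix/smtp[4100]: B12CD7788: to=<b@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=2.0, dsn=4.4.1, status=deferred (timeout)
Aug  6 14:42:05 mx postfix/smtpd[2701]: disconnect from unknown[198.51.100.7]
"""
# Assumes short (uppercase hex) queue IDs; "warning:" or "NOQUEUE:" will not match.
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
CLIENT = re.compile(r"client=(\S+?)\[([^\]]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")
RCPT = re.compile(r"to=<([^>]*)>.*?\bstatus=(\w+)")

def correlate(log_text):
    """Join log lines on queue ID: {qid: {client_host, client_ip, sender, rcpts}}."""
    msgs = defaultdict(lambda: {"client_host": None, "client_ip": None,
                                "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        qid, rest = m.groups()
        if (c := CLIENT.match(rest)):
            msgs[qid]["client_host"], msgs[qid]["client_ip"] = c.groups()
        elif (s := SENDER.match(rest)):
            msgs[qid]["sender"] = s.group(1)  # "" is the null (bounce) sender
        elif (r := RCPT.match(rest)):
            msgs[qid]["rcpts"].append(r.groups())  # (address, status)
    return dict(msgs)

def recipients_per_client(log_text):
    """Count recipient delivery attempts attributed to each connecting IP."""
    totals = defaultdict(int)
    for msg in correlate(log_text).values():
        if msg["client_ip"]:
            totals[msg["client_ip"]] += len(msg["rcpts"])
    return dict(totals)

if __name__ == "__main__":
    for qid, msg in correlate(SAMPLE_LOG).items():
        print(qid, msg["client_ip"], repr(msg["sender"]), msg["rcpts"])
```

Run against the real /var/log/mail.log by passing the file's contents to correlate(); a deferred recipient is logged again on each retry, so the per-client totals count delivery attempts rather than unique recipients.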


