Artur
Guest
We had a customer sign up and appear to be completely normal: they signed up for a normal account, paid in a normal way and behaved completely fine. However, there was an immense number of spam complaints coming in, and I finally broke down and decided to track down who was to blame.
The headers suggested that it was a legitimate message that was being relayed through our server, so, here is the command I used to see who is connecting to SMTP:
cat /var/log/secure*|grep smtp|awk -F: '{print $5}'|sed 's/^.*from=//; s/\.[0-9]\{1,3\}$//;'|sort|uniq -c|sed 's/^ *//;'|sort -nr|more
Then I confirmed in /var/log/messages which website user was authenticating with the top-hitting IP addresses and cancelled their account.
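The same count as a reusable function, added here as an example and not part of the original post: it counts only connection starts, handles IPv4-mapped addresses, and can report per full address or per /24 as the one-liner does. It assumes xinetd-style `START: smtp pid=N from=ADDR` lines (the post does not show its log format); `smtp_sources` and `sample_log` are hypothetical names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count SMTP connections per source from xinetd-style log lines.
# Assumed line format (the post does not show one):
#   Mon DD HH:MM:SS host xinetd[PID]: START: smtp pid=N from=ADDR
# smtp_sources and sample_log are hypothetical names.

# Usage: smtp_sources [ip|net] < logfile
#   ip  = count per full address, net = count per /24 prefix (as in the post)
smtp_sources() {
    awk -v mode="${1:-ip}" '
        / START: smtp / {                      # connections only, not EXIT lines
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^from=/) continue
                addr = substr($i, 6)           # text after "from="
                sub(/^::ffff:/, "", addr)      # IPv4-mapped IPv6 form
                if (mode == "net" && addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    sub(/\.[0-9]+$/, "", addr) # drop last octet
                count[addr]++
            }
        }
        END { for (a in count) print count[a], a }
    ' | sort -k1,1nr -k2,2                     # busiest source first
}

# Constructed sample input (documentation address ranges), not real log data.
sample_log() {
    cat <<'EOF'
Jan  5 10:00:01 mail xinetd[2101]: START: smtp pid=4001 from=203.0.113.7
Jan  5 10:00:03 mail xinetd[2101]: EXIT: smtp status=0 pid=4001 duration=2(sec)
Jan  5 10:00:04 mail xinetd[2101]: START: smtp pid=4002 from=::ffff:203.0.113.7
Jan  5 10:00:09 mail xinetd[2101]: START: smtp pid=4003 from=198.51.100.20
Jan  5 10:00:12 mail sshd[2300]: Accepted password for admin from 192.0.2.10 port 50112 ssh2
Jan  5 10:00:15 mail xinetd[2101]: START: smtp pid=4004 from=203.0.113.9
Jan  5 10:00:20 mail xinetd[2101]: START: smtp pid=4005 from=203.0.113.7
Jan  5 10:00:31 mail xinetd[2101]: START: smtp pid=4006 from=198.51.100.20
EOF
}

sample_log | smtp_sources ip
```

Against real logs, feed the files on standard input in place of `sample_log`; per-address counts avoid lumping an unrelated neighbour in the same /24 together with the heavy sender.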