1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to fight SMTP relaying

Discussion in 'Plesk for Linux - 8.x and Older' started by Artur, Oct 12, 2005.

  1. Artur

    Artur Guest

    We had a customer sign up and appear to be completely normal, signed up for a normal account, paid in a normal way and behaved completely fine. However, there was an immense amount of spam complaints coming in and I finally broke down and decided to track who is to blame.

    The headers suggested that it was a legitimate message that was being relayed through our server, so, here is the command I used to see who is connecting to SMTP:

    cat /var/log/secure*|grep smtp|awk -F: '{print $5}'|sed 's/^.*from=//; s/\.[0-9]\{1,3\}$//;'|sort|uniq -c|sed 's/^ *//;'|sort -gnr|more

    Then I confirmed in /var/log/messages which website user is authenticating with the top hitting ip addresses and cancel their account.
  2. Griffith

    Griffith Guest

    What is actually causing and smtp pid..... in /var/log/messages.. one IP occured over 15000 times, but I couldn't find it in /var/log/messages and no trace in /usr/local/psa/var/log/messages or any other file..

    so..what is causing those pids?

    Actually noticed that if I
    telnet my_server.com 25
    I got a pid in secure log.. does this mean that someone is trying to relay, but doesn't get trough?