1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

How to fight SMTP relaying

Discussion in 'Plesk for Linux - 8.x and Older' started by Artur, Oct 12, 2005.

  1. Artur

    Artur Guest

    We had a customer sign up and appear to be completely normal, signed up for a normal account, paid in a normal way and behaved completely fine. However, there was an immense amount of spam complaints coming in and I finally broke down and decided to track who is to blame.

    The headers suggested that it was a legitimate message that was being relayed through our server, so, here is the command I used to see who is connecting to SMTP:

    cat /var/log/secure*|grep smtp|awk -F: '{print $5}'|sed 's/^.*from=//; s/\.[0-9]\{1,3\}$//;'|sort|uniq -c|sed 's/^ *//;'|sort -gnr|more

    Then I confirmed in /var/log/messages which website user is authenticating with the top hitting ip addresses and cancel their account.
  2. Griffith

    Griffith Guest

    What is actually causing and smtp pid..... in /var/log/messages.. one IP occured over 15000 times, but I couldn't find it in /var/log/messages and no trace in /usr/local/psa/var/log/messages or any other file..

    so..what is causing those pids?

    Actually noticed that if I
    telnet my_server.com 25
    I got a pid in secure log.. does this mean that someone is trying to relay, but doesn't get trough?