Linux Users' Group of Davis
Page last updated:
2004 Jan 20 11:09

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] spams originating from my friends server

Quoting karthikeyan.balasubramanian (karthikeyan.balasubramanian@aspiresys.com):

>   One of my friends has a server with some limited number of hosting.
>   He is managing the whole server through CPanel.  Now he is getting
> complaints from various people that lots of spam is coming from his 
> server.  

Your friend's logical first step is to request copies of the offending
e-mails _with full headers_.  People often fail to comprehend the latter
phrase, or are so unable to use their own mail user agents that they
prove hapless to comply, so that first step can be a challenge. 

Once he is in possession of some sample e-mails, the next step is to 
analyse SMTP headers to determine the mail's origin.  If your friend
doesn't yet know how to do that, he's behind the curve and needs to
catch up.  (What I mean is that it's a prerequisite knack for anyone
running an MTA, for reasons your friend is now finding out.)  The
alt.spam FAQ's tutorial on the subject is as good as any:

Often, it turns out that the complainant is fundamentally mistaken, and
the offending mail never went anywhere near your MTA.  People frequently
file mistaken reports of this nature because they credulously believe 
forged "From:" and similar headers, having themselves never learned
header analysis.  Spammers and creators of malware software typically
cause headers to be forged in order to evade responsibility and shift
all blame onto others (such as your friend).

Once the mail's IP address of origin has been narrowed down, your friend
may no longer bear responsibility for the mail at all.  Alternatively,
if it _did_ enter the SMTP stream at his host, he can examine his logs
to find out from whom, how, and when.

> SMTP port is blocked already

The above is a bit vague.  Blocked from where?  Surely it isn't blocked
from localhost, for example.

Rick Moen                      "vi is my shepherd; I shall not font."
rick@linuxmafia.com                               -- Psalm 0.1 beta
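
The header analysis described in the reply above, as an added example that is not part of the original post: it walks the `Received:` chain newest-first and trusts only lines written by the recipient's own MTA. The message, host names and IP addresses are constructed, and the `from helo (rdns [ip]) by host` layout that Postfix and sendmail commonly write is assumed.

```python
import re
from email import message_from_string

# Constructed sample: a complainant's copy with full headers. Hosts use
# reserved example domains and documentation IP ranges (RFC 5737).
# The lower Received line and the From line are what a forger controls.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example (Postfix) with ESMTP id 4F1A2
\tfor <victim@recipient.example>; Mon, 19 Jan 2004 10:02:11 -0800
Received: from friend-server.example ([198.51.100.7])
\tby mail.sender.example with SMTP; Mon, 19 Jan 2004 10:02:05 -0800
From: "Sales" <sales@friend-server.example>
To: victim@recipient.example
Subject: constructed sample

body
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<info>[^)]*)\).*?\bby\s+(?P<by>\S+)", re.S)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return hops newest-first: helo (claimed), ip (observed), by (writer)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip = IP.search(m.group("info"))
        hops.append({"helo": m.group("helo"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None})
    return hops

def handoff_ip(raw, trusted):
    """IP that connected to the last trusted MTA; lines below are unverified."""
    ip = None
    for hop in received_hops(raw):
        if hop["by"] not in trusted:
            break  # written by a host we cannot vouch for; stop here
        ip = hop["ip"]
    return ip

def came_from(raw, trusted, server_ips):
    """True only if the trusted hand-off IP is one of the server's addresses."""
    return handoff_ip(raw, trusted) in server_ips
```

In the sample, both the `From:` header and the older `Received:` line name friend-server.example, yet the only line written by the recipient's MTA records 203.0.113.45 as the connecting host, so the complaint does not point at that server.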