From owner-freebsd-questions@FreeBSD.ORG Sun May 15 19:18:34 2005
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E1BEC16A4CE
	for ; Sun, 15 May 2005 19:18:34 +0000 (GMT)
Received: from argent.heraldsnet.org (argent.heraldsnet.org [64.83.41.80])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7406F43DE1
	for ; Sun, 15 May 2005 19:18:34 +0000 (GMT)
	(envelope-from jtrigg@spamcop.net)
Received: from [192.168.1.4] (vair.heraldsnet.org [192.168.1.4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by argent.heraldsnet.org (Postfix) with ESMTP id 34CB3124;
	Sun, 15 May 2005 15:18:32 -0400 (EDT)
Message-ID: <4287A07C.4070607@spamcop.net>
Date: Sun, 15 May 2005 15:18:20 -0400
From: Jim Trigg
User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Kevin Pang
References: <004001c5596f$89139110$6402a8c0@kevin>
In-Reply-To: <004001c5596f$89139110$6402a8c0@kevin>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: Spam Problems
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Sun, 15 May 2005 19:18:35 -0000

Kevin Pang wrote:
> Hello All,
>
> I'm a newbie and manage a FreeBSD server, which only hosts my own websites,
> also only I have shell accounts on this server. Someone sent out lots of
> spams from my server today. I have stopped postfix and disabled mail command
> to make sure no any emails will be sent to from this server.
>
> I want to know how the spammer did that. Actually I didn't manage postfix to
> work well, I can't even send emails from my desktop myself, on the server
> side, sending/receiving emails works well. I guess the spams were sent via a
> web script. The sender was specified as "www@myhost.com" according to the
> complaint email. I use phpBB, vBulletin and Awstats.
>
> The spam email entry in the maillog is:
> May 14 14:55:03 pang postfix/smtp[46011]: EC0C595C90: to=,
> relay=mail2.iecc.com[208.31.42.98], delay=724, status=sent (250 ok
> 1116100192 qp 2255)
>
>
> As a newbie, I have no idea where to start to fix the problem. My first
> question: Is it possible to know which script sent out these spams? I don't
> know what else to ask at the moment. I will appreciate it very much too if
> you have any other suggestions about my problems. Thanks!

If you post the output of 'postconf -n' we can determine what might be
wrong in your postfix setup; if that looks good then it's probably one
of the addon web packages.

Jim
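
Added example, not part of the original thread: the two possibilities raised above (a Postfix misconfiguration that relays mail from the network, or a web script submitting mail locally) can be told apart by following the queue ID from the quoted `postfix/smtp` line back to the `pickup` or `smtpd` line that created it. The sample log is constructed; only the queue ID `EC0C595C90`, the relay host and the final status text come from the quoted entry, and uid 80 is assumed to be the web server user.

```python
import re
from collections import defaultdict

# Constructed maillog lines. The first message arrives via pickup (local
# sendmail submission), the second via smtpd (a network client).
SAMPLE_LOG = """\
May 14 14:42:59 pang postfix/pickup[45990]: EC0C595C90: uid=80 from=<www>
May 14 14:42:59 pang postfix/cleanup[45992]: EC0C595C90: message-id=<20050514184259.EC0C595C90@myhost.com>
May 14 14:42:59 pang postfix/qmgr[312]: EC0C595C90: from=<www@myhost.com>, size=2101, nrcpt=1 (queue active)
May 14 14:55:03 pang postfix/smtp[46011]: EC0C595C90: to=<user@example.org>, relay=mail2.iecc.com[208.31.42.98], delay=724, status=sent (250 ok 1116100192 qp 2255)
May 14 15:01:10 pang postfix/smtpd[46100]: 1A2B3C4D5E: client=unknown[203.0.113.7]
May 14 15:01:10 pang postfix/qmgr[312]: 1A2B3C4D5E: from=<a@example.net>, size=900, nrcpt=1 (queue active)
May 14 15:01:12 pang postfix/smtp[46102]: 1A2B3C4D5E: to=<b@example.com>, relay=mx.example.com[198.51.100.9], delay=2, status=sent (250 ok)
"""

# daemon name, queue ID, remainder of the log line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def trace_origins(log_text):
    """Map each queue ID to how the message entered Postfix."""
    msgs = defaultdict(lambda: {"origin": "unknown", "sender": None, "delivered": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "pickup":
            # Submitted on the box itself via sendmail(1); uid names the account.
            uid = re.search(r"uid=(\d+)", rest)
            rec["origin"] = "local uid=" + uid.group(1) if uid else "local"
        elif daemon == "smtpd" and rest.startswith("client="):
            # Accepted over SMTP; this is the case a relay misconfiguration produces.
            rec["origin"] = "network " + rest.split(",")[0]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            rec["sender"] = rest[6:rest.index(">")]
        elif daemon in ("smtp", "local", "virtual") and "status=sent" in rest:
            rec["delivered"] += 1
    return dict(msgs)

if __name__ == "__main__":
    for qid, rec in trace_origins(SAMPLE_LOG).items():
        print(qid, rec["origin"], rec["sender"], "delivered:", rec["delivered"])
```

A `local uid=` origin for the web server account points at one of the web packages, and the pickup timestamp can then be matched against the web server access log to find the request; a `network client=` origin points back at the Postfix relay settings.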