From owner-freebsd-questions@FreeBSD.ORG  Sun May 15 16:56:43 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7275A16A4CE
	for <freebsd-questions@freebsd.org>;
	Sun, 15 May 2005 16:56:43 +0000 (GMT)
Received: from server010.webpack.hosteurope.de
	(server010.webpack.hosteurope.de [80.237.130.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CD1FB43D80
	for <freebsd-questions@freebsd.org>;
	Sun, 15 May 2005 16:56:40 +0000 (GMT)
	(envelope-from kevin@vokaboly.de)
Received: by server010.webpack.hosteurope.de running Exim 4.34 using asmtp
	from p508660c0.dip.t-dialin.net ([80.134.96.192] helo=kevin)
	id 1DXMPv-0005BX-HA; Sun, 15 May 2005 18:56:39 +0200
Message-ID: <004001c5596f$89139110$6402a8c0@kevin>
From: "Kevin Pang" <kevin@vokaboly.de>
To: <freebsd-questions@freebsd.org>
Date: Sun, 15 May 2005 19:00:02 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1478
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Subject: Spam Problems
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 May 2005 16:56:43 -0000

Hello All,

I'm a newbie and manage a FreeBSD server, which only hosts my own websites,
also only me have shell accounts on this server. Someone sent out lots of
spams from my server today. I have stopped postfix and disabled mail command
to make sure no any emails will be sent to from this server.

I want to know how the spammer did that. Actually I didn't manage postfix to
work well, I even can't send emails from my desktop myself, on the server
side, sending/receiving emails works well. I guess the spams were sent via a
web script. The sender was specified as "www@myhost.com" according to the
complaint email. I use phpBB, vBulletin and Awstats.

The spam email entry in the maillog is:
May 14 14:55:03 pang postfix/smtp[46011]: EC0C595C90: to=<xxx@xxx.com>,
relay=mail2.iecc.com[208.31.42.98], delay=724, status=sent (250 ok
1116100192 qp 2255)


As a newbie, I have no idea where to start to fix the problem. My first
question: Is it possible to know which script sent out these spams? I don't
know what else to ask at the moment. I will appreciate it very much too if
you any other suggestions about my problems. Thanks!

Kevin