Date: Sat, 06 Jan 2007 12:15:50 -0800
From: Garrett Cooper <youshi10@u.washington.edu>
To: freebsd-questions@freebsd.org
Subject: Re: stopping my server from spamming
Message-ID: <45A00376.9040501@u.washington.edu>
In-Reply-To: <20070106194117.GA8958@skytracker.ca>
References: <20070106194117.GA8958@skytracker.ca>

David Banning wrote:
> I have been blacklisted for spamming and I am attempting to ascertain the
> source.
>
> I have a few networked windows boxes which route through a FBSD
> server. I also have around ten off-site users who sendmail via port
> 26 - using smtp password authentication. How do I determine which
> email going through the server is spam, and therefore identify the
> source?

First, you should take a look at mail headers to see if you can determine what the issue could be. For instance, my SMTP provider's DNS wasn't resolving properly as of late, so my email was being marked as spam by many users. This could be your case.

Using nmap / tcpdump / snort to find rogue SMTP hosts is the next step I would pursue. Remember though, your hosts may not be causing the spam and it could instead be spoofing of some kind. For that, you can't do anything except talk to the mail providers that blacklisted your domain and get things cleared up.

Ultimately, I suggest switching to entirely AUTH based SMTP though to prevent this issue from occurring. You can either block port 25 from being routed or use net/smtptrapd (see <http://smtptrapd.inodes.org/>).

-Garrett
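
One way to act on the tcpdump suggestion above, as an added example that is not part of the original message: count new outbound port-25 connections per LAN host and list every host that is not the mail server. The LAN range, the mail server address and the capture lines are constructed assumptions; a real capture could be taken on the gateway with `tcpdump -n 'tcp dst port 25'`.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions (not from the original message): the LAN range and the one
# host that is allowed to open outbound SMTP connections.
LAN = ip_network("192.168.1.0/24")
MAIL_SERVER = ip_address("192.168.1.1")

# Constructed sample of `tcpdump -n 'tcp dst port 25'` output.
SAMPLE = """\
12:01:03.100001 IP 192.168.1.1.51200 > 203.0.113.25.25: Flags [S], seq 1, win 65535, length 0
12:01:04.200002 IP 192.168.1.23.1042 > 198.51.100.7.25: Flags [S], seq 2, win 65535, length 0
12:01:04.300003 IP 192.168.1.23.1043 > 198.51.100.8.25: Flags [S], seq 3, win 65535, length 0
12:01:04.400004 IP 192.168.1.23.1042 > 198.51.100.7.25: Flags [P.], seq 3:40, ack 1, win 65535, length 37
12:01:05.500005 IP 192.168.1.23.1044 > 203.0.113.40.25: Flags [S], seq 4, win 65535, length 0
12:01:06.600006 IP 192.168.1.42.2201 > 198.51.100.7.25: Flags [S], seq 5, win 65535, length 0
12:01:07.700007 IP 10.0.0.5.3000 > 198.51.100.7.25: Flags [S], seq 6, win 65535, length 0
"""

# Source address, destination address with port 25, and the TCP flags field.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.25: Flags \[(?P<flags>[^\]]+)\]"
)

def rogue_smtp_hosts(capture, lan=LAN, allowed=(MAIL_SERVER,)):
    """Return (host, new_connections, distinct_destinations) for each LAN
    host, other than the allowed mail servers, that opened SMTP sessions."""
    syns = Counter()
    dests = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m["flags"] != "S":  # count only the initial SYN
            continue
        src = ip_address(m["src"])
        if src not in lan or src in allowed:
            continue
        syns[str(src)] += 1
        dests.setdefault(str(src), set()).add(m["dst"])
    return [(host, n, len(dests[host])) for host, n in syns.most_common()]

if __name__ == "__main__":
    for host, n, d in rogue_smtp_hosts(SAMPLE):
        print(f"{host}: {n} new SMTP connections to {d} destinations")
```

A workstation that opens many connections to many distinct destinations is the first machine to inspect; a single connection may only be a mail client configured to use an outside relay.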