From owner-freebsd-questions@FreeBSD.ORG  Mon Aug 15 18:57:09 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1B5811065670
	for <freebsd-questions@freebsd.org>;
	Mon, 15 Aug 2011 18:57:09 +0000 (UTC)
	(envelope-from bonomi@mail.r-bonomi.com)
Received: from mail.r-bonomi.com (mx-out.r-bonomi.com [204.87.227.120])
	by mx1.freebsd.org (Postfix) with ESMTP id CC57B8FC15
	for <freebsd-questions@freebsd.org>;
	Mon, 15 Aug 2011 18:57:07 +0000 (UTC)
Received: (from bonomi@localhost)
	by mail.r-bonomi.com (8.14.4/rdb1) id p7FIvqYe038073;
	Mon, 15 Aug 2011 13:57:52 -0500 (CDT)
Date: Mon, 15 Aug 2011 13:57:52 -0500 (CDT)
From: Robert Bonomi <bonomi@mail.r-bonomi.com>
Message-Id: <201108151857.p7FIvqYe038073@mail.r-bonomi.com>
To: alexus@gmail.com, freebsd-questions@freebsd.org
In-Reply-To: <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com>
Cc: 
Subject: Re: looking for a spammer/virii/malware .... on my system
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2011 18:57:09 -0000

> From owner-freebsd-questions@freebsd.org  Mon Aug 15 12:37:33 2011
> Date: Mon, 15 Aug 2011 13:05:15 -0400
> From: alexus <alexus@gmail.com>
> To: freebsd-questions@freebsd.org
> Subject: looking for a spammer/virii/malware .... on my system
>
> I received a SPAM complain from my ISP and we're trying to figure out
> what/where the problem is...
>
> from headers:
>
> Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011
> 18:43:41 -0400
>
> 64.237.55.83 is an IP that resides on my box, obviously I'm not
> sending out any spam intentionally, so maybe some of my users do and
> not necessarily intentionally either could be a virus or malware or
> whatever doesn't really matter, I just want to stop it.
>
> so just for now I did this
>
> su-3.2# ipfw add 666 deny ip from any to webmail.west.cox.net via any
> 00666 deny ip from any to 68.6.19.1
> su-3.2#
>
> what else can I do to find it on my system who's trying to connect to
> remote webmail.west.cox.net ?
>
>
> -- 
> http://alexus.org/
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>