Date: Mon, 8 Jan 2007 21:24:30 -0500
From: David Banning <david+dated+1168741471.eb2ad3@skytracker.ca>
To: Garrett Cooper <youshi10@u.washington.edu>, questions@freebsd.org
Subject: Re: stopping my server from spamming
Message-ID: <20070109022428.GA63703@skytracker.ca>
In-Reply-To: <45A00376.9040501@u.washington.edu>
References: <20070106194117.GA8958@skytracker.ca> <45A00376.9040501@u.washington.edu>

I think I located the problem. I discovered through one of the blacklist hosters when exactly they received the spam, and that helped me track it to a virus-infected Windows box.

> Using nmap / tcpdump / snort to find rogue SMTP hosts is the next step I
> would pursue. Remember though, your hosts may not be causing the spam
> and it could instead be spoofing of some kind. For that, you can't do
> anything except talk to the mail providers that blacklisted your domain
> and get things cleared up.

These utilities were the direction of what I was looking for. Thanks for that - I will look at the use of each and how I can trace what is going on for future reference.

> Ultimately, I suggest switching to entirely AUTH based SMTP though to
> prevent this issue from occurring. You can either block port 25 from
> being routed or use net/smtptrapd (see <http://smtptrapd.inodes.org/>).

done.

Thanks, Garrett
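
One way to apply the tcpdump suggestion from this thread, as an added example that is not part of the original e-mails: the script reads `tcpdump -nn` text output and lists internal hosts, other than the approved relay, that open SMTP connections to outside addresses. The network 192.168.1.0/24, the relay 192.168.1.10, the current tcpdump line format and the sample capture are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# tcpdump -nn IPv4/TCP line: "<time> IP src.sport > dst.dport: Flags [S], ..."
LINE_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

def rogue_smtp_senders(lines, internal_net, allowed_relays):
    """Return {internal host: set of outside SMTP destinations} for hosts
    that open port-25 connections without being an approved relay."""
    net = ipaddress.ip_network(internal_net)
    allowed = {ipaddress.ip_address(a) for a in allowed_relays}
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 TCP line (e.g. UDP DNS traffic)
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        # Count only connection attempts: a bare SYN to destination port 25.
        if int(m.group(4)) != 25 or m.group(5) != "S":
            continue
        # Skip outside sources, internal submission, and the approved relay.
        if src not in net or dst in net or src in allowed:
            continue
        hits[str(src)].add(str(dst))
    return dict(hits)

# Constructed sample capture; outside hosts use documentation address ranges.
SAMPLE = [
    "21:24:30.10 IP 192.168.1.10.51000 > 198.51.100.5.25: Flags [S], seq 1, win 65535, length 0",
    "21:24:30.20 IP 192.168.1.23.1045 > 203.0.113.9.25: Flags [S], seq 7, win 65535, length 0",
    "21:24:30.21 IP 203.0.113.9.25 > 192.168.1.23.1045: Flags [S.], seq 9, ack 8, win 5840, length 0",
    "21:24:30.22 IP 192.168.1.23.1045 > 203.0.113.9.25: Flags [.], ack 10, win 65535, length 0",
    "21:24:30.30 IP 192.168.1.23.1046 > 203.0.113.40.25: Flags [S], seq 3, win 65535, length 0",
    "21:24:30.40 IP 192.168.1.23.1047 > 198.51.100.77.25: Flags [S], seq 5, win 65535, length 0",
    "21:24:30.50 IP 192.168.1.30.2000 > 192.168.1.10.25: Flags [S], seq 2, win 65535, length 0",
    "21:24:31.00 IP 192.168.1.23.1050 > 192.168.1.1.53: 1234+ A? mx.example.net. (32)",
]

if __name__ == "__main__":
    found = rogue_smtp_senders(SAMPLE, "192.168.1.0/24", ["192.168.1.10"])
    for host, dests in found.items():
        print(f"{host} opened SMTP to {len(dests)} outside hosts: {sorted(dests)}")
```

A workstation that appears here is a candidate for the kind of infected box described above; once port 25 is blocked for everything but the relay, the same check should come back empty.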