Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: pisaacs on November 11, 2015, 10:44:28 AM
-
G'day,
My business server has ended up on the RBL as a spammer, stopping us from sending email to some of our our existing customers.
I am out of my depth with this.
I need to establish whether we are actually spamming through our server or not, or whether something else is going on (hacked or something else).
Unfortunately I don't know how to do that.
It seems to me that if I could get a report of who we are sending outbound emails to, and which local IP address is generating them, I could determine at least whether the spam is being generated buy an internal PC, or the SME server itself.
I cant find a way to do this with my basic skills.
We run the SME server 9.x with the inbuilt mailserver.
mail.millison.com.au
210.15.237.246
Any ideas would be appreciated,
regards
Paul
-
Paul,
contact the RBL maintainer and ask for details and show them that you are investigating. Next study your logs, either manually or via server manager
-
do you host any webapp (Wordpress, joomla, whatever) on your server?
btw, first of all, disconnect your server from WAN and tell us as much as you can about your setup (smtp proxy enabled, how clients are configured to send email and so on)
TIA
-
G'day,
My business server has ended up on the RBL as a spammer, stopping us from sending email to some of our our existing customers.
I am out of my depth with this.
I need to establish whether we are actually spamming through our server or not, or whether something else is going on (hacked or something else).
For starters look in /var/log/sqpsmtpd
Have a good look there and at all your other system logs for evidence
B. Rgds
John
-
For starters look in /var/log/sqpsmtpd
... and /var/log/qmail/current. Here you'll find a log of all the mails sent from your server.