Article ID: 118935, created on Nov 29, 2013, last review on May 6, 2014

  • Applies to:
  • Operations Automation 5.4

Question

There is a lot of spam mail outgoing from the mail server. Is it possible to determine the domain from which they are being sent?

Answer

The mail logs should contain lines similar to:

Aug 16 11:23:33 linweb02 sender=y100124[22430]: r7G3M2Md022430: to=<EMAIL>, ctladdr=apache (48/48), delay=00:01:31, xdelay=00:00:00, mailer=relay, pri=34431, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]

The sender ID(100124) in the mail log match is the webspace ID that could be found in Provider Panel > Shared Hosting Manager > Webspaces.

Search Words

spam through web server

ac82ce33439a9c1feec4ff4f2f638899 caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF