Email security question
 

Hi!

If anyone knows - how can I find out where someone is sending emails from? Some asshole is sending spam through my server somehow - I'm getting returned emails with madeup email addresses on my domain - I can lock them out of the server, but I can't figure out who to lock out, since the emails come back with my domain as the point of origin! Help!!:confused:

Hey Danbo... sounds as though someone is spoofing mass mailings through your mail server. Get with your ISP tech staff and they can stop it.

You need to be checking your server logs. You should be able to get the ip address that way. And you might want to look at the way sendmail is configured.

I'm so dumb! I've checked my server logs, but I don't really know what I'm looking for - how do I determine (if anyone knows) which IP is the offender?

Also, I've contacted my ISP - they told me to report it to their 'abuse' center, but even they can't figure out how this guy is doing it!! My sendmail program is set up properly, all of my security is in place - I guess my question is: HOW? How is this person able to spoof my server like this, without access to any of the secure areas of the server? :bonk:

Check out http://samspade.org/

Download the application, it's fantastic.

Also, read the stuff in their library section. You'll find there all you want to know.

Thanks, I caught the little prick! :D

I used Traceroute and IPWhois and found him on SBC's network - they cut off his internet service, shut down his website, and reported him to the FBI!! Awesome!!

Once again, thanks to all who helped - this was a tough nut to crack! The only bad thing is, it can happen again - as I've learned today, there is no such thing as 'total' security...just have to keep on guard!!::-|

Congrats on nailing the sucker! Sendmail is never going to be 100% secure so if you don't actually need it you should consider getting it disabled.