Control Web Panel
WebPanel => E-Mail => Topic started by: Tcap on February 20, 2020, 11:47:56 AM
-
They have been trying to spam with different addresses from my server for 3 days.
Also, if I don't use a spam gateway, my ip addresses would be blacklisted.
Spam email cannot be escaped via spam gateway BUT...
How is spam trying to send spam with a different email address from my server? where is it open i couldn't find it..
anyways....
this came to my mind... this update. Was this spam problem due to postfix...
have you had problems like me? What do you think about this subject..
-
you need to read mail server logs, any system admin can detect spam source.
Also, there are several instructions about spam detecting on the cwp wiki.
-
you need to read mail server logs, any system admin can detect spam source.
Also, there are several instructions about spam detecting on the cwp wiki.
Feb 19 19:18:52 svr9 postfix/cleanup[10308]: 3F948122EA5: message-id=<888762249cd5500cec3191b83ace7aed@elektrokalori.com.tr>
Feb 19 19:18:53 svr9 postfix/qmgr[28101]: 3F948122EA5: from=, size=1421181, nrcpt=15 (queue active)
Feb 19 19:18:53 svr9 postfix/pickup[3665]: 347E9124223: uid=99 from=
of course i looked
this domain is not on my server
how should I interpret. no more marks...
-
this is not a complete log for the email, you should check all lines related to the email causing an issue
-
this is not a complete log for the email, you should check all lines related to the email causing an issue
sorry but there are no other details
I use this module=viewerlogs
and module=csfofficial (search system logs )
or any other technique..
-
b 19 19:18:52 svr9 postfix/smtpd[9877]: 3F948122EA5: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=exempel@agxxxxxxlo.com (my customer)
Feb 19 19:18:52 svr9 postfix/cleanup[10308]: 3F948122EA5: message-id=<888762249cd5500cec3191b83ace7aed@elektrokalori.com.tr> (spammer)
my customer is hacked
logged in from client's account
did i interpret correctly?