[vox-tech] spams originating from my friends server

Rick Moen vox-tech@lists.lugod.org
Tue, 20 Jan 2004 08:37:31 -0800


Quoting karthikeyan.balasubramanian (karthikeyan.balasubramanian@aspiresys.com):

>   One of my friends has a server with some limited number of hosting.
> 
>   He is managing the whole server through CPanel.  Now he is getting
> complaints from various people that lots of spam is coming from his 
> server.  

Your friend's logical first step is to request copies of the offending
e-mails _with full headers_.  People often fail to comprehend the latter
phrase, or are so unable to use their own mail user agents that they
prove hapless to comply, so that first step can be a challenge. 

Once he is in possession of some sample e-mails, the next step is to 
analyse SMTP headers to determine the mail's origin.  If your friend
doesn't yet know how to do that, he's behind the curve and needs to
catch up.  (What I mean is that it's a prerequisite knack for anyone
running an MTA, for reasons your friend is now finding out.)  The
alt.spam FAQ's tutorial on the subject is as good as any:
http://digital.net/~gandalf/spamfaq.html#item2

Often, it turns out that the complainant is fundamentally mistaken, and
the offending mail never went anywhere near your MTA.  People frequently
file mistaken reports of this nature because they credulously believe 
forged "From:" and similar headers, having themselves never learned
header analysis.  Spammers and creators of malware software typically
cause headers to be forged in order to evade responsibility and shift
all blame onto others (such as your friend).

Once the mail's IP address of origin has been narrowed down, your friend
may no longer bear responsibility for the mail at all.  Alternatively,
if it _did_ enter the SMTP stream at his host, he can examine his logs
to find out from whom, how, and when.

> SMTP port is blocked already

The above is a bit vague.  Blocked from where?  Surely it isn't blocked
from localhost, for example.

-- 
Cheers,
Rick Moen                      "vi is my shepherd; I shall not font."
rick@linuxmafia.com                               -- Psalm 0.1 beta
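
The header analysis described in the message above, as an added example that is not part of the original post: it walks the "Received:" chain from the top and trusts only hops stamped by the complainant's own mail hosts, so the connecting IP on the last trusted hop is the real point of entry, whatever "From:" or the lower "Received:" lines claim. All hostnames, addresses and function names are constructed for illustration, and the regex assumes the common Sendmail/Postfix-style "from HELO (rdns [IP]) by HOST" layout.

```python
import re
from email import message_from_string

# Constructed sample of a complaint forwarded with full headers. Hosts and
# addresses are reserved documentation values, not real systems.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mailstore.recipient.example with ESMTP id A1; Tue, 20 Jan 2004 08:00:03 -0800
Received: from friend-server.example (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Tue, 20 Jan 2004 08:00:01 -0800
Received: from friend-server.example (friend-server.example [192.0.2.25])
\tby relay.bogus.example with SMTP id C3; Tue, 20 Jan 2004 07:59:00 -0800
From: "Billing" <accounts@friend-server.example>
To: victim@recipient.example
Subject: constructed sample

body
"""

# Assumed layout: "from HELO (rdns [IP]) by HOST"; other MTAs format differently.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return Received hops newest-first; None marks an unparseable header."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        hops.append(m.groupdict() if m else None)
    return hops

def injection_point(raw, trusted_by_hosts):
    """Last hop stamped by a trusted host; anything below it may be forged."""
    last = None
    for hop in parse_hops(raw):
        if hop is None or hop["by"] not in trusted_by_hosts:
            break
        last = hop
    return last

def came_from_my_server(raw, trusted_by_hosts, my_ips):
    hop = injection_point(raw, trusted_by_hosts)
    return hop is not None and hop["ip"] in my_ips

if __name__ == "__main__":
    trusted = {"mailstore.recipient.example", "mx.recipient.example"}
    print(injection_point(SAMPLE, trusted))
    print(came_from_my_server(SAMPLE, trusted, {"192.0.2.25"}))
```

In the sample, the HELO name, the "From:" header and the bottom "Received:" line all name the friend's server, yet the only trustworthy connecting address is a different host.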