From: Matt Fretwell (no email)
Date: Sun May 15 2005 - 13:21:56 EDT
Kevin Pang wrote:
> The spam email entry in the log file look like:
> May 14 14:55:03 pang postfix/smtp[46011]: EC0C595C90: to=<>,
> relay=mail2.iecc.com[208.31.42.98], delay=724, status=sent (250 ok
> 1116100192 qp 2255)
>
> What kind of information can I get from it? It would be great if I can
> find which script the spammer used, then I can remove it and start my
> mail server again. Also probably find how the spammer achieve it.
You need to include the relevant few lines preceding that line from the
maillog as well, (the ones which pertain to that actual delivery). That
line merely says where it went, not by whom, or how, it was submitted.
Matt
|
|
|