yet another spam problem
Posted: Sun Jan 27, 2008 7:34 pm
I have spam originating from my server and I'm unable to stop it unfortunately. I've check and logged the web and scripts and its not any kind of script.
STMP is used for the spam. I'm unable to find the user of the authenticated mail account if it exist. Or maybe qmail is hacked ???
Qmail-scanner, clamav and greylisting is installed in the server.
How can I trace the source ???
Plesk is 8.0.1.
Here is a log:
Received: (qmail 3849 invoked by uid 10172); 27 Jan 2008 14:49:19 +0200
Received: from 59.35.2.67 by myserver.com (envelope-from < mprt@myserver.com> , uid 2020) with qmail-scanner-2.01st
(clamdscan: 0.88.3/5565. perlscan: 2.01st.
Clear:RC:0(59.35.2.67):.
Processed in 0.065468 secs); 27 Jan 2008 12:49:19 -0000
Received: from 67.2.35.59.broad.st.gd.dynamic.163data.com.cn (HELO yjrq) (59.35.2.67)
by myserver.com with SMTP; 27 Jan 2008 14:49:18 +0200
Message-ID: < 001344848114$43158547$32368861@yjrq>
From: =?big5?B?uvS49KbmvlCkQKfiuG4=?= < mprt@myserver.com>
STMP is used for the spam. I'm unable to find the user of the authenticated mail account if it exist. Or maybe qmail is hacked ???
Qmail-scanner, clamav and greylisting is installed in the server.
How can I trace the source ???
Plesk is 8.0.1.
Here is a log:
Received: (qmail 3849 invoked by uid 10172); 27 Jan 2008 14:49:19 +0200
Received: from 59.35.2.67 by myserver.com (envelope-from < mprt@myserver.com> , uid 2020) with qmail-scanner-2.01st
(clamdscan: 0.88.3/5565. perlscan: 2.01st.
Clear:RC:0(59.35.2.67):.
Processed in 0.065468 secs); 27 Jan 2008 12:49:19 -0000
Received: from 67.2.35.59.broad.st.gd.dynamic.163data.com.cn (HELO yjrq) (59.35.2.67)
by myserver.com with SMTP; 27 Jan 2008 14:49:18 +0200
Message-ID: < 001344848114$43158547$32368861@yjrq>
From: =?big5?B?uvS49KbmvlCkQKfiuG4=?= < mprt@myserver.com>
10172:111:Qmail-Scanner Account:/var/spool/qscan:/bin/false