Hi guys, I have just been informed by my ISP that our network is spamming :-( Some network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients. Please help. Me. -- שִׁמְעוֹן
Your server is probably a blind relay. See this http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0... On Mon, Nov 23, 2009 at 4:13 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I have just been informed by my ISP that our network is spamming :-( Some network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients.
Please help.
Me.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Check out this link http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0.... Am not an mdaemon expert though, but mail server best practise should be to block open relay by only allowing trusted IPs to relay via your server. On Mon, Nov 23, 2009 at 4:15 PM, Rad! <conradakunga@gmail.com> wrote:
Your server is probably a blind relay. See this http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0...
On Mon, Nov 23, 2009 at 4:13 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I have just been informed by my ISP that our network is spamming :-( Some network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients.
Please help.
Me.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
I would first turn off the server before starting to explore - hoping you have already done that. ./Ok3ch On Mon, Nov 23, 2009 at 4:19 PM, Alex Nderitu <nderitualex@gmail.com> wrote:
Check out this link http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0.... Am not an mdaemon expert though, but mail server best practise should be to block open relay by only allowing trusted IPs to relay via your server.
On Mon, Nov 23, 2009 at 4:15 PM, Rad! <conradakunga@gmail.com> wrote:
Your server is probably a blind relay. See this http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0...
On Mon, Nov 23, 2009 at 4:13 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
I have just been informed by my ISP that our network is spamming :-( Some network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients.
Please help.
Me.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Shukran guys, Will keep you posted on the progress... and by the way, does it mean that I should scan my mail server for malware? Coz my ISP says that a machine on my LAN is spamming. Should I run a virus scan as well [using a different tool coz KAV says it's as clean as a whistle]? 2009/11/23 Okechukwu <okechukwu@gmail.com>
I would first turn off the server before starting to explore - hoping you have already done that.
./Ok3ch
On Mon, Nov 23, 2009 at 4:19 PM, Alex Nderitu <nderitualex@gmail.com> wrote:
Check out this link
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0... .
Am not an mdaemon expert though, but mail server best practise should be to block open relay by only allowing trusted IPs to relay via your server.
On Mon, Nov 23, 2009 at 4:15 PM, Rad! <conradakunga@gmail.com> wrote:
Your server is probably a blind relay. See this
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0...
On Mon, Nov 23, 2009 at 4:13 PM, Simon Mbuthia <simon.mbuthia@gmail.com
wrote:
Hi guys,
I have just been informed by my ISP that our network is spamming :-(
Some
network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients.
Please help.
Me.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- שִׁמְעוֹן
KAV isn't as proficient as KIS.......... On Mon, Nov 23, 2009 at 4:30 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Shukran guys,
Will keep you posted on the progress... and by the way, does it mean that I should scan my mail server for malware? Coz my ISP says that a machine on my LAN is spamming. Should I run a virus scan as well [using a different tool coz KAV says it's as clean as a whistle]?
2009/11/23 Okechukwu <okechukwu@gmail.com>
I would first turn off the server before starting to explore - hoping you have already done that.
./Ok3ch
On Mon, Nov 23, 2009 at 4:19 PM, Alex Nderitu <nderitualex@gmail.com> wrote:
Check out this link
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0.... Am not an mdaemon expert though, but mail server best practise should be to block open relay by only allowing trusted IPs to relay via your server.
On Mon, Nov 23, 2009 at 4:15 PM, Rad! <conradakunga@gmail.com> wrote:
Your server is probably a blind relay. See this
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0...
On Mon, Nov 23, 2009 at 4:13 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
I have just been informed by my ISP that our network is spamming :-( Some network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients.
Please help.
Me.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Actually, the issue may not be on the mail server but like you said a machine on the network (which unfortunately is allowed to relay). First step would be to go via you logs and quarantine the culprit and run the scanning on the host. Some of the checks on the link sent to you earlier like *Allow authenticated SMTP session *may help but would require you to change settings on the clients which is viable in the shortrun if you manage a small LAN. On Mon, Nov 23, 2009 at 4:30 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Shukran guys,
Will keep you posted on the progress... and by the way, does it mean that I should scan my mail server for malware? Coz my ISP says that a machine on my LAN is spamming. Should I run a virus scan as well [using a different tool coz KAV says it's as clean as a whistle]?
2009/11/23 Okechukwu <okechukwu@gmail.com>
I would first turn off the server before starting to explore - hoping
you have already done that.
./Ok3ch
On Mon, Nov 23, 2009 at 4:19 PM, Alex Nderitu <nderitualex@gmail.com> wrote:
Check out this link
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0... .
Am not an mdaemon expert though, but mail server best practise should be to block open relay by only allowing trusted IPs to relay via your server.
On Mon, Nov 23, 2009 at 4:15 PM, Rad! <conradakunga@gmail.com> wrote:
Your server is probably a blind relay. See this
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-0...
On Mon, Nov 23, 2009 at 4:13 PM, Simon Mbuthia <
simon.mbuthia@gmail.com>
wrote:
Hi guys,
I have just been informed by my ISP that our network is spamming :-(
Some
network engineer tells me that normally, it is the mail server that sends out SPAM. Our server happens t run MDaemon, whose configuration appears kinda cryptic to me. the said engineer tells me that there are settings that need to be applied on MDaemon to prevent it from spamming, but she doesn't remember exactly how that's done. It is on this basis that I am imploring MDaermon gurus [if there's such a thing as that] on the list to kindly throw me a lifeline as guys have started complaining of emails not getting delivered to their intended recipients.
Please help.
Me.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Mon, Nov 23, 2009 at 4:30 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Shukran guys,
Will keep you posted on the progress... and by the way, does it mean that I should scan my mail server for malware? Coz my ISP says that a machine on my LAN is spamming. Should I run a virus scan as well [using a different tool coz KAV says it's as clean as a whistle]?
From my imagination of your network (since you did not detail that) I can say the problem can even be elsewhere, not necessarily on Mdaemon. Suppose hosts on your network are directly connected to the Internet, they can have spamming engines installed on them that can lead to such complaints. It's pretty easy to see if MDaemon is spamming (let's stick to that term) by simply looking at its session logs. Pretty simple, and you can view those in realtime. If you don't know how to do this, then you should reconsider running MDaemon, seriously. Outsource that function.
Did the ISP techie tell you which host is spamming? If the spam is going through their mail server, they should be able to tell you which IP that traffic is emanating from. If it's your gateway IP, then you have more work to do, because then, you have to pin down the host doing this by logging and analyzing traffic on the gateway machine. It would be easy it it was a Unix box.... Anyway, for me, you only triggered more questions. Give us an overview of how the network is configured for further help. If spam is going through Mdaemon, then view the SMTP sessions of Mdaemon. You should be able to see what is going on if you have configured the logging options properly (setup -> miscellaneous options -> composite log window contains: enable as much as you want on that) by viewing the SMTP sessions. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
Peepo, MDaemon Settings are as advised in the link pasted above, so I am guessing that it could be a PC on my network, no? I intend to scan the network and hopefully arrest the culprit PC.... ama thez anything else that I need to consider? About my network setup, we have branches connected to the HO via MPLS. The HO is where the internet gateway is, and that same server is also our email server. It has two NICs, one going into the PIX and the other (obviously) into the LAN. As for the spamming host, my ISO advised me to look at MDaemon logs as they are unable to get that info from their side, which thing I intend to do now that I have finished attending to other matters. Will keep ya'll posted... Thanks 2009/11/23 Odhiambo Washington <odhiambo@gmail.com>
On Mon, Nov 23, 2009 at 4:30 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Shukran guys,
Will keep you posted on the progress... and by the way, does it mean that I should scan my mail server for malware? Coz my ISP says that a machine on my LAN is spamming. Should I run a virus scan as well [using a different tool coz KAV says it's as clean as a whistle]?
From my imagination of your network (since you did not detail that) I can say the problem can even be elsewhere, not necessarily on Mdaemon. Suppose hosts on your network are directly connected to the Internet, they can have spamming engines installed on them that can lead to such complaints. It's pretty easy to see if MDaemon is spamming (let's stick to that term) by simply looking at its session logs. Pretty simple, and you can view those in realtime. If you don't know how to do this, then you should reconsider running MDaemon, seriously. Outsource that function.
Did the ISP techie tell you which host is spamming? If the spam is going through their mail server, they should be able to tell you which IP that traffic is emanating from. If it's your gateway IP, then you have more work to do, because then, you have to pin down the host doing this by logging and analyzing traffic on the gateway machine. It would be easy it it was a Unix box....
Anyway, for me, you only triggered more questions. Give us an overview of how the network is configured for further help.
If spam is going through Mdaemon, then view the SMTP sessions of Mdaemon. You should be able to see what is going on if you have configured the logging options properly (setup -> miscellaneous options -> composite log window contains: enable as much as you want on that) by viewing the SMTP sessions.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- שִׁמְעוֹן
If there's a machine doing P2P, you may first need to stop this and confirm with the ISP whether there's any change. It's a wild shot, but I've had a case before in which some network monitoring guy was unable to distinguish between real spamming and P2P transactions (torrent downloads/seeding).
participants (7)
-
Alex Nderitu -
Alvin Jason Ochieng -
Odhiambo Washington -
Okechukwu -
Rad! -
Simon Mbuthia -
Tony Likhanga