Hello, a server IP is blacklisted at various spam blacklists. I have root access to the server; how can I prove the messages are unsolicited / spam? No blacklist is giving me details on which message was marked as spam on their side. Does anyone know a blacklist service which shows this, or how to prove sent emails are spam? I see log files in /var/log. Thank you
Depending upon your mailserver (postfix, exim, sendmail, etc.), you're going to need to watch your mail log. For postfix and sendmail, it will likely be /var/log/maillog. For exim (if you're using cPanel), it's likely /var/log/exim_mainlog and /var/log/exim_rejectlog. You'll want to use tail to watch the logs; this will allow you to see log writes in real time:
tail -f /var/log/maillog
You can stop by pressing ctrl-c. Unfortunately, you likely will not see mail marked as spam that is being sent out. That's done on the host, and filtered to spam folders, or just sent to a black hole (/dev/null). You will be able to see all mails being sent out from your server though. If some account is sending out spam, it should be visible in one of those logs.
Take a look at this guide to further configure Exim to log directories: http://kb.iweb.com/entries/24423351-Identifying-spam-sources-under-cPanel-exim Also, have a look at the output of this command in SSH:
eximstats -ne -nr /var/log/exim_mainlog
You will need to check your server's logs. Typically, you will see 550 errors and a URL pointing to the blacklist information page. I usually try to find the first occurrence of these errors and then backtrack to see what emails caused the issue. Typically such problems are caused by:
- Insecure Web Applications
- Compromised User Accounts
- Bulk Forwarding of Email
- Bounce Handling Configured Incorrectly
Where the logs are located and what to look for varies between servers.
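The backtracking described in the last reply (find the first 550 rejection, then see what was sent before it), as an added example that is not part of any post in this thread. It assumes a Postfix-style log such as /var/log/maillog; the sample log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Postfix-style syslog lines; every log line below is constructed.
sample_log() {
cat <<'EOF'
Mar  3 10:14:01 mail postfix/qmgr[901]: 3A1F0C0001: from=<www-data@host.example.com>, size=2101, nrcpt=1 (queue active)
Mar  3 10:14:02 mail postfix/smtp[977]: 3A1F0C0001: to=<a@example.net>, relay=mx.example.net[203.0.113.10]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 10:14:05 mail postfix/qmgr[901]: 3A1F0C0002: from=<www-data@host.example.com>, size=2098, nrcpt=1 (queue active)
Mar  3 10:14:06 mail postfix/qmgr[901]: 3A1F0C0003: from=<alice@example.com>, size=5120, nrcpt=1 (queue active)
Mar  3 10:14:07 mail postfix/qmgr[901]: 3A1F0C0004: from=<www-data@host.example.com>, size=2103, nrcpt=1 (queue active)
Mar  3 10:14:09 mail postfix/smtp[977]: 3A1F0C0004: to=<b@example.org>, relay=mx.example.org[203.0.113.20]:25, dsn=5.7.1, status=bounced (host mx.example.org[203.0.113.20] said: 550 5.7.1 Blocked, see http://bl.example.org/q?ip=198.51.100.7 (in reply to RCPT TO command))
Mar  3 10:14:12 mail postfix/smtp[978]: 3A1F0C0002: to=<c@example.org>, relay=mx.example.org[203.0.113.20]:25, dsn=5.7.1, status=bounced (host mx.example.org[203.0.113.20] said: 550 5.7.1 Blocked, see http://bl.example.org/q?ip=198.51.100.7 (in reply to RCPT TO command))
EOF
}

# Line number of the first delivery that a remote host refused with a 550.
first_reject_line() {
    awk '/ said: 550 / { print NR; exit }' "$1"
}

# Envelope sender of that first refused message, matched through its queue ID ($6).
first_reject_sender() {
    awk 'match($0, /from=<[^>]*>/) { from[$6] = substr($0, RSTART + 6, RLENGTH - 7) }
         / said: 550 / { print from[$6]; exit }' "$1"
}

# Distinct URLs that the rejecting hosts put in their 550 replies.
reject_urls() {
    grep ' said: 550 ' "$1" | grep -oE 'https?://[^ )]+' | sort -u
}

# Message count per envelope sender up to line $2, busiest first.
senders_before() {
    awk -v last="$2" 'NR > last { exit }
         match($0, /from=<[^>]*>/) { n[substr($0, RSTART + 6, RLENGTH - 7)]++ }
         END { for (s in n) print n[s], s }' "$1" | sort -rn
}

# Run against the log given as $1, or against the constructed sample.
log="${1:-}"
if [ -z "$log" ]; then log=$(mktemp); sample_log > "$log"; fi
n=$(first_reject_line "$log")
if [ -n "$n" ]; then
    echo "first 550 at line $n, sender: $(first_reject_sender "$log")"
    reject_urls "$log"
    senders_before "$log" "$n"
else
    echo "no 550 rejections in $log"
fi
```

A sender that dominates the count before the first rejection, such as a web server account, is the place to start looking for the causes listed above.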