How to prove from logs that a server is sending spam?

Discussion in 'Site & Server Administration' started by postcd, Jul 20, 2014.

  1. #1
    Hello, a server IP is blacklisted at various spam blacklists.
    I have root access to the server; how can I prove the messages are unsolicited / spam?

    No blacklist is giving me details on which message was marked as spam on their side. Does anyone know a blacklist service which shows this, or how to prove sent emails are spam? I see log files in /var/log

    Thank you
    postcd, Jul 20, 2014 IP
  2. DaiTengu

    Depending upon your mailserver (postfix, exim, sendmail, etc.), you're going to need to watch your mail log. For postfix and sendmail, it will likely be /var/log/maillog. For exim (if you're using cPanel), it's likely /var/log/exim_mainlog and /var/log/exim_rejectlog.

    You'll want to use tail to watch the logs; this will allow you to see log writes in real time:

     tail -f /var/log/maillog 
    You can stop by pressing Ctrl-C.

    Unfortunately, you likely will not see mail marked as spam that is being sent out. That's done on the host, and filtered to spam folders, or just sent to a black hole (/dev/null).
    You will be able to see all mails being sent out from your server though. If some account is sending out spam, it should be visible in one of those logs.
    DaiTengu, Jul 20, 2014 IP
  3. zacharooni

    zacharooni, Jul 28, 2014 IP
  4. jeffatrackaid

    You will need to check your server's logs. Typically, you will see 550 errors and a URL pointing to the blacklist information page. I usually try to find the first occurrence of these errors and then backtrack to see what emails caused the issue.

    Typically such problems are caused by:
    • Insecure Web Applications
    • Compromised User Accounts
    • Bulk Forwarding of Email
    • Bounce Handling Configured Incorrectly
    Where the logs are located and what to look for varies between servers.
    jeffatrackaid, Aug 4, 2014 IP
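
An added example, not part of the thread or any poster's code: the approach described in the replies above (find the first 550 rejection that carries a blacklist URL, then look back at what was queued before it), run over constructed Postfix-style log lines. The hostnames, addresses, queue IDs and the function name `first_blacklist_rejection` are assumptions made for illustration; Exim and sendmail use different line formats.

```python
import re
from collections import Counter

# Constructed Postfix-style maillog lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jul 20 10:00:01 mx1 postfix/qmgr[911]: A1B2C3D4E5: from=<info@site-a.example>, size=2100, nrcpt=1 (queue active)
Jul 20 10:00:02 mx1 postfix/smtp[950]: A1B2C3D4E5: to=<bob@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jul 20 10:03:10 mx1 postfix/qmgr[911]: B100000001: from=<www-data@site-b.example>, size=880, nrcpt=1 (queue active)
Jul 20 10:03:11 mx1 postfix/qmgr[911]: B100000002: from=<www-data@site-b.example>, size=881, nrcpt=1 (queue active)
Jul 20 10:03:12 mx1 postfix/qmgr[911]: B100000001: from=<www-data@site-b.example>, size=880, nrcpt=1 (queue active)
Jul 20 10:03:14 mx1 postfix/smtp[951]: B100000002: to=<carol@example.org>, relay=mx.example.org[198.51.100.5]:25, delay=3, dsn=5.7.1, status=bounced (host mx.example.org[198.51.100.5] said: 550 5.7.1 Client 203.0.113.7 blocked using bl.example.invalid; see http://bl.example.invalid/lookup?ip=203.0.113.7 (in reply to RCPT TO command))
Jul 20 10:09:40 mx1 postfix/smtp[952]: B100000001: to=<dave@example.org>, relay=mx.example.org[198.51.100.5]:25, delay=390, dsn=5.7.1, status=bounced (host mx.example.org[198.51.100.5] said: 550 5.7.1 Client 203.0.113.7 blocked (in reply to RCPT TO command))
"""

QUEUED = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
REJECTED = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*status=bounced \(.*said: 550 ")
URL = re.compile(r"https?://[^\s)]+")


def first_blacklist_rejection(lines):
    """Find the first 550 bounce and rank envelope senders by messages queued before it."""
    sender_of = {}      # queue ID -> envelope sender
    volume = Counter()  # envelope sender -> distinct messages queued so far
    for line in lines:
        queued = QUEUED.search(line)
        if queued:
            qid, sender = queued.groups()
            if qid not in sender_of:  # qmgr logs from= again on every retry
                sender_of[qid] = sender
                volume[sender] += 1
            continue
        rejected = REJECTED.search(line)
        if rejected:
            qid, recipient = rejected.groups()
            url = URL.search(line)
            return {
                "timestamp": line[:15],  # syslog "Mon DD HH:MM:SS" prefix
                "sender": sender_of.get(qid, "unknown"),
                "recipient": recipient,
                "blacklist_url": url.group(0) if url else None,
                "volume_before": volume.most_common(),
            }
    return None  # no 550 rejection in this log


if __name__ == "__main__":
    for key, value in first_blacklist_rejection(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On a real server, pass the lines of the mail log instead of the sample; the sender at the top of `volume_before` is the account or script to investigate first.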