Saturday, May 1, 2010

spam check on linux server

Check whether spam is being sent from the server:

node # ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n

node # grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
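
The cwd= count above, as an added example that is not part of the original post: it finds the cwd= token at any field position rather than only in the first 10 fields. The sample log lines are constructed, and skipping /var/spool/exim (assumed here to be Exim's own queue-run activity) is an assumption of this example.

```shell
#!/bin/sh
# Added example: rank the directories that handed mail to Exim, using the
# "cwd=" entries in the main log. The log lines here are constructed samples.

# top_cwd LOGFILE: print "count directory", sorted ascending by count.
# Paths containing spaces are cut at the first space (awk field splitting).
top_cwd() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^cwd=/) {
                    dir = substr($i, 5)          # strip the "cwd=" prefix
                    # Assumption: the spool directory is Exim itself, not a script.
                    if (dir != "/var/spool/exim") count[dir]++
                    break
                }
            }
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' "$1" | sort -n
}

# busiest_cwd LOGFILE: print only the directory with the most submissions.
busiest_cwd() {
    top_cwd "$1" | tail -n 1 | cut -d' ' -f2-
}

# make_sample_log: constructed exim_mainlog lines for the demonstration.
make_sample_log() {
    cat <<'EOF'
2010-05-01 10:00:01 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2010-05-01 10:00:02 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2010-05-01 10:00:03 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2010-05-01 10:00:04 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2010-05-01 10:00:05 [4321] cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2010-05-01 10:00:06 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
EOF
}

sample=$(mktemp)
make_sample_log > "$sample"
top_cwd "$sample"
rm -f "$sample"
```

On a real server, pass /var/log/exim_mainlog to top_cwd; the directory at the bottom of the output is the first place to look for a mail-sending script.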


Check on qmail server :

Find the message IDs:
1. for i in `/var/qmail/bin/qmail-qread | awk '{print $6}' | cut -d# -f2`; do find /var/qmail/queue -iname "$i"; done > test
2. for i in `cat test`; do grep -irl "GoodFaith Proposal" "$i"; done   # lists the queue files that contain that subject
3. Sort the IDs, delete them from the qmail queue, and inform the customer.

If there are too many messages in the queue, try to find out where the spam is coming from. If the mail is being sent by an authorized user, but not from a PHP script, you can find out which user sent most of the messages with the following command:
# cat /usr/local/psa/var/log/maillog |grep -I smtp_auth |grep -I user |awk '{print $11}' |sort |uniq -c |sort -n
