DevHeads.net

Tracing down a spammer

Tracing and tracking.

Question is:

If you suspect your web (whether www,http,httpd user )
how can you do a header check and pin where the source of
spam is coming from?

All I need is a check that will send to local users - go ahead
and if to a massive amount of users WITHOUT a local
user REJECT as spam.

Where can I put this?

Comments

Re: Tracing down a spammer

By Wietse Venema at 04/26/2010 - 13:27

The Doctor:

You look in the WEB SERVER LOGFILE, and find the web request that
exploits your server.

Wietse

Re: Tracing down a spammer

By Jeroen Geilman at 04/26/2010 - 13:13

...of what ?
If you mean you suspect a local user of your web server of sending out spam,
implement proper local sender restrictions by measures such as limiting which
system users can use sendmail submission.

Header checks will rarely, if ever, tell you where spam comes from.

permit_auth_destination

It's generally a good idea to limit the number of recipients anyway.

How do you mean, "without" ?

I'm entirely unclear what you're trying to prevent here.

See <a href="http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt" title="http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt">http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt</a> for a good introduction
to postfix anti-spam measures.

J.