This might be more general advice than a specific help, but i've found
most bad mail originating from me comes from php driven forum sites.
After originally patching the php src to log sitenames that send mail, i
found enabling MAILHEAD support in php build adds customs headers which
help to identify the site anyway.
I plan on adding a milter to pick these up dynamically, but for now, it
helps identify sites from stuck items in mailq.
i.e a grep into mailq for X-PHP-Script
/var/spool/mqueue/qfm83AltWj045560:H??X-PHP-Script:
www.siteonserver.com/signup.php for x.101.27.178
Its easy to spot dubious scripts as the ip is commonly the same.
gd luck.
Paul.
lyd mc wrote:
Hi guys need help..
My mailserver become an open relay.
Unknown user can now send mail.
snippet from mailq
m88C8iWq042874 689 Mon Sep 8 20:08 <[EMAIL PROTECTED]>
(Deferred: Name server: mx1.mail.tw.yahoo.com.: host name loo)
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
I don't have user 'osxch' and there others can also send..
best regars thnx
alydio
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
--
<http://www.ifdnrg.com> *Ultra fast and secure web hosting
Live and on demand video streaming
Custom online Solutions *
*Paul Macdonald*
Director
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
www.ifdnrg.com <http://www.ifdnrg.com>
*IFDNRG*
127 Rose St South Lane, Edinburgh, EH2 4BB
0044.(0)131.2257470
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"