Hi. Recently I'm seeing a lot of unknown emails sent from my server.
47910300F28 703629 Thu Dec 19 05:19:54 [email protected]
(Host or domain name not found. Name service error for name=globalskm.com type=MX: Host not found, try again)
[email protected]
cahors.cn isn't my domain. Then I believe someone is using my server to send emails or something. I can see the email queue and delete it, but that is not the solution. I tried to analyze the queue using commands like these:
Code:
grep -A2 "from" /var/log/mail.log
grep -c "from=<[email protected]>" /var/log/mail.log
But I need to go to the next step and know the origin and block it. Can you help me? Thanks.
Is that same server hosting websites? Maybe a form on there is being abused? Or a website got hacked? Also check if you haven't created an open relay somehow.
Hi. That is not the same server hosting websites. This server doesn't contain any website. I use it as an email server only. I haven't created any relay. I don't know what I have to analyze to discover the origin of these emails. Thanks.
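Added example, not written by anyone in this thread: one way to take the "next step" asked about above is to join each queue ID in the mail log to the line that records how the message entered the server. It assumes the server runs Postfix with stock syslog lines and short hex queue IDs; the function names `mail_origins` and `sample_log` and all sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tie each Postfix queue ID to the way the message entered the server.
# Assumes stock Postfix syslog lines and short (hex) queue IDs, the Postfix default.
# Usage: mail_origins /var/log/mail.log (reads stdin when no file is given).
# Prints: queue-id <TAB> envelope sender <TAB> origin
mail_origins() {
    awk '
    # Value that follows "key" up to the next comma or space.
    function field(key) {
        if (!match($0, key "[^, ]+")) return ""
        return substr($0, RSTART + length(key), RLENGTH - length(key))
    }
    {
        # Locate the "postfix/<daemon>[pid]:" tag; the queue ID is the next field.
        for (i = 1; i < NF; i++)
            if ($i ~ "^postfix/[a-z/-]+\\[[0-9]+\\]:$") break
        if (i >= NF || $(i + 1) !~ /^[0-9A-F]+:$/) next
        daemon = $i; qid = $(i + 1); sub(/:$/, "", qid)
        if (daemon ~ /smtpd\[/ && /client=/) {
            # Network submission: remote host/IP, plus the account if it authenticated.
            origin[qid] = "smtp client=" field("client=")
            user = field("sasl_username=")
            if (user != "") origin[qid] = origin[qid] " sasl_user=" user
        } else if (daemon ~ /pickup\[/ && /uid=/) {
            # Local submission through the sendmail binary by this Unix uid.
            origin[qid] = "local uid=" field("uid=")
        } else if (daemon ~ /qmgr\[/ && /from=</) {
            sender[qid] = field("from="); gsub(/[<>]/, "", sender[qid])
        }
    }
    END {
        for (q in sender)
            printf "%s\t%s\t%s\n", q, sender[q], ((q in origin) ? origin[q] : "origin not in this log")
    }' "$@" | sort
}

# Constructed sample log lines (documentation addresses, not taken from the thread).
sample_log() {
    cat <<'EOF'
Dec 19 05:19:50 mail postfix/smtpd[2211]: 4A1B2C3D4E5: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=info@example.org
Dec 19 05:19:51 mail postfix/qmgr[900]: 4A1B2C3D4E5: from=<promo@example.net>, size=703629, nrcpt=1 (queue active)
Dec 19 05:20:02 mail postfix/pickup[1500]: 5B2C3D4E5F6: uid=33 from=<www-data>
Dec 19 05:20:02 mail postfix/qmgr[900]: 5B2C3D4E5F6: from=<www-data@mail.example.org>, size=512, nrcpt=1 (queue active)
Dec 19 05:21:10 mail postfix/smtpd[2300]: 6C3D4E5F607: client=mx.example.com[198.51.100.7]
Dec 19 05:21:10 mail postfix/qmgr[900]: 6C3D4E5F607: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
EOF
}

sample_log | mail_origins
```

Piping the result through `cut -f3 | sort | uniq -c | sort -rn` ranks the origins by message count. A `sasl_user=` origin means a mailbox authenticated to send the mail, so its password should be changed, while a `local uid=` origin points to a process running on the server itself.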