Hi there, my server is currently sending large amounts of spam. I can't find a good way to locate the script sending this spam. I tried http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam but the log stays empty, please advise. (I have an Ubuntu 12.04 server.)
You can find the reason with postcat: http://www.howtoforge.com/forums/showthread.php?t=65411&highlight=postcat The most likely reason at the moment is a botnet that uses hacked SMTP accounts. They get the password with trojans on Windows systems and send out spam emails that have the trojan attached, like fake Telekom invoices.
This is a header from an email. I think it really had to do with compromising the email password of [email protected]. I have reset all the passwords for the mail accounts that are on the server.
Yes, the relevant line is: (Authenticated sender: [email protected]) so this spam was sent by an authenticated sender account. Most likely the PC was infected by a trojan.
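
Added example, not part of the thread or written by its posters: a Python sketch that tallies the "(Authenticated sender: ...)" marker across the headers of several queued messages, so the account being abused stands out. The host name `mail.example.com`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Marker quoted in the thread, as it appears inside a Received: header.
AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)", re.IGNORECASE)

def authenticated_senders(raw_message, our_host):
    """SASL logins recorded by our own server in one message's headers."""
    headers = re.split(r"\r?\n\r?\n", raw_message, maxsplit=1)[0]  # drop body
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    logins = []
    for line in unfolded.splitlines():
        # Only trust Received: lines stamped by our host; other hops and
        # the body are under the sender's control and can carry a fake marker.
        if line.lower().startswith("received:") and f" by {our_host} " in line:
            logins += [m.lower() for m in AUTH_RE.findall(line)]
    return logins

def tally_logins(messages, our_host):
    """Count messages per authenticated login across a batch of messages."""
    counts = Counter()
    for raw in messages:
        counts.update(set(authenticated_senders(raw, our_host)))
    return counts

# Constructed sample messages (hosts, addresses, ids and dates are made up).
SAMPLES = [
    "Received: from [192.0.2.10] (unknown [192.0.2.10])\n"
    "\t(Authenticated sender: info@example.com)\n"
    "\tby mail.example.com (Postfix) with ESMTPA id 1A2B3C4D5E;\n"
    "\tMon, 1 Jan 2024 10:00:00 +0000 (UTC)\n"
    "Subject: Invoice\n\nbody\n",
    "Received: from pc.example.org (unknown [198.51.100.7])"
    " (Authenticated sender: Info@Example.com)"
    " by mail.example.com (Postfix) with ESMTPSA id 2B3C4D5E6F\n"
    "Subject: Re\n\nhi\n",
    # Locally submitted mail plus a forged marker on a foreign hop and in the body.
    "Received: by mail.example.com (Postfix, from userid 33) id 3C4D5E6F7A\n"
    "Received: from x (Authenticated sender: ceo@example.com) by relay.invalid (Postfix)\n"
    "Subject: Hello\n\n(Authenticated sender: admin@example.com)\n",
]

if __name__ == "__main__":
    for login, n in tally_logins(SAMPLES, "mail.example.com").most_common():
        print(f"{n:4d}  {login}")
```

Postfix only writes this marker when `smtpd_sasl_authenticated_header = yes` is set; a message with no marker from your own host, like the third sample, was not submitted over authenticated SMTP.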