Hi to all, I have a debian 8 with ipconfig. I have a spam problem but unable to find source of spam. I ask your help to solve this problem. This is a typical email that outgoing: Code: postcat -q F03E3B033B1 *** ENVELOPE RECORDS deferred/F/F03E3B033B1 *** message_size: 1849 666 1 0 1849 message_arrival_time: Wed Jun 7 23:01:55 2017 create_time: Wed Jun 7 23:01:55 2017 named_attribute: log_ident=F03E3B033B1 named_attribute: rewrite_context=local sender: [email protected] named_attribute: encoding=7bit named_attribute: log_client_name=localhost.localdomain named_attribute: log_client_address=127.0.0.1 named_attribute: log_client_port=43815 named_attribute: log_message_origin=localhost.localdomain[127.0.0.1] named_attribute: log_helo_name=localhost named_attribute: log_protocol_name=ESMTP named_attribute: client_name=localhost.localdomain named_attribute: reverse_client_name=localhost.localdomain named_attribute: client_address=127.0.0.1 named_attribute: client_port=43815 named_attribute: helo_name=localhost named_attribute: protocol_name=ESMTP named_attribute: client_address_type=2 named_attribute: dsn_orig_rcpt=rfc822;[email protected] original_recipient: [email protected] recipient: [email protected] *** MESSAGE CONTENTS deferred/F/F03E3B033B1 *** Received: from localhost (localhost.localdomain [127.0.0.1]) by web.nebenet.it (Postfix) with ESMTP id F03E3B033B1 for <[email protected]>; Wed, 7 Jun 2017 23:01:55 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at web.nebenet.it Received: from web.nebenet.it ([127.0.0.1]) by localhost (web.nebenet.it [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id iXsrPnhWrrSF for <[email protected]>; Wed, 7 Jun 2017 23:01:55 +0200 (CEST) Received: from perseosport.com (localhost.localdomain [127.0.0.1]) by web.nebenet.it (Postfix) with ESMTPS id 3BF87B033B4 for <[email protected]>; Wed, 7 Jun 2017 23:01:55 +0200 (CEST) MIME-Version: 1.0 Date: Wed, 7 Jun 2017 23:01:55 +0200 Message-ID: <[email protected]> Subject: Stoney phallus for a long time From: web10[email protected] Reply-To: [email protected] To: [email protected] X-Priority: 3 (Normal) X-Mailer: ESMTP 1.1 Content-Type: multipart/alternative; boundary="----=_Part_67069390_524281137.1496869315220" ------=_Part_67069390_524281137.1496869315220 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Greeting! Gift exultation to dear woman! Faster get ClALlS! You can get more details please read here. see you! ------=_Part_67069390_524281137.1496869315220 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <html> <head><meta http-equiv=3D'content-type' content=3D'text/html; charset=3Dutf= -8'></head> <body> <div><br> Greeting!<br> Gift exultation to dear woman! Faster get ClALlS!<br> <a href=3D'http://www.as-photo.it/wp-content/themes/mobiletu/p3/'>You can g= et more details please read here.</a><br> <br> <br> see you! </div> </body> </html> ------=_Part_67069390_524281137.1496869315220-- *** HEADER EXTRACTED deferred/F/F03E3B033B1 *** named_attribute: encoding=7bit *** MESSAGE FILE END deferred/F/F03E3B033B1 *** ls -alh /var/www/perseosport.com lrwxrwxrwx 1 root root 31 May 22 22:28 /var/www/perseosport.com -> /var/www/clients/client1/web28/ There is not a user with name "web108". I don't understand where is problem. I block web access to this website but problem persists.
I solved. Sender "web108" is the user who spamming on old server and new (it was moved from a old server), but in new it has a new username. I don't now because on log I have this unknown user.
