For some reason a large amount of email is being sent during the night. I dont have any crons set up to send anything and we dont send mailshots. Can anyone tell me how I can view the actual emails that are being sent and any possible ways to go about removing a possible spambot.
I have looked through our accounts and there are no email accounts that shouldnt be there. I also have SPA set up so the passwords should be secure.
HELP PLEASE
See attachment for better explanation.
https://drive.google.com/file/d/0B68GL5 ... sp=sharing
Large amount of emails sent during the night (possible spam)
Re: Large amount of emails sent during the night (possible spam)
First thing is you should check the maillog at the time for sending . You can see everything in that file.
24x7 PROACTIVE ZIMBRA SERVER MANAGEMENT | Sales : sales @ syslint.com | Skype us : SyslintSkype | Call us : (+91) 471-60 - 7799 | visit : https://syslint.com
Re: Large amount of emails sent during the night (possible spam)
Don't be too confident that an account is not compromised, users tend to reuse passwords...
I would recommend you look through /var/log/tmp_zauthlog to see which accounts might have been sending email at that time. You can use https://www.iplocation.net/ to geo-locate ip addresses you do not recognize.
Don't know the number of users you have, but I have a script email me about logins each night so I can spot compromised accounts. I posted the basic version of it here:
viewtopic.php?f=15&t=58860&p=265683#p265683
Good luck and let us know how it turns out.
I would recommend you look through /var/log/tmp_zauthlog to see which accounts might have been sending email at that time. You can use https://www.iplocation.net/ to geo-locate ip addresses you do not recognize.
Don't know the number of users you have, but I have a script email me about logins each night so I can spot compromised accounts. I posted the basic version of it here:
viewtopic.php?f=15&t=58860&p=265683#p265683
Good luck and let us know how it turns out.
Re: Large amount of emails sent during the night (possible spam)
Thanks for the replies. This script looks exactly what I need.
@howanits - Do I execute this script using crontab? I have pasted it into a .sh script and tried to run it using /bin/bash as su but i was getting a command not found error.
@howanits - Do I execute this script using crontab? I have pasted it into a .sh script and tried to run it using /bin/bash as su but i was getting a command not found error.
Re: Large amount of emails sent during the night (possible spam)
I do run it as a cron job, but if you cannot run it manually, it will not run as a cron job either.
Did you change all the "example.com" text?
Did you make your file executable with chmod?
Did you remember to include the path when running it?
Did you change all the "example.com" text?
Did you make your file executable with chmod?
Did you remember to include the path when running it?