[nylug-talk] Am I Spamming?

[Gary Mort]

Judd Maltin wrote:
> So I figure there's some other application, likely a PHP app or something,
> that's been hijacked to send out spam.  I'd like to monitor the situation
> before doing anything.  I'm going about it by using iptraf to monitor
> connections from my only external interface to 0.0.0.0:25.
>   

Check the headers to determine what server actually rejected the 
email(if any, sometimes bounce message formats are used to send spam) 
and see if the whole path actually matches the format you expect.

Check the various RBL sites to see if you have been added.

A quick google search indicates iptables can be configured to block 
outgoing connections to port 25, and it can be given the owner that sent 
the packet.  So presumably you could limit outgoing SMTP connections to 
just Postfix.

Sorry, doesn't meet the requirements of monitoring, but figured it might 
help.