On Wed, 21.04.2004 at 22:07, Mike Rambour wrote:

> I am a very newbie here and my ISP is saying they received a complaint
> about SPAM being sent from my machine, they claim it's my IP that sent it
> (fixed IP, not DHCP).

You should ask them for the log entries they used to determine your machine as the culprit.

> I have checked and I have relaying turned off and only 6 valid users on
> the machine, I forced a password change for all accounts. I also used
> Abuse.Net's relay test to make sure I was not allowing relays. I have no
> idea how that SPAM got out. Since this machine is a firewall for our
> office, I tested all internal machines for virus/worms/etc with the latest
> tools.

I suppose these machines are Windows. You should check their mail program configuration. What SMTP host do they use for sending mail? In addition you should reconfigure one client to directly use an SMTP host outside your office network (assuming they are configured to use the smtpd on your firewall box). Your firewall configuration should block this type of communication. Otherwise a client can send mail which will not show up in your log file.

> But lines like these 2 below did NOT have matching lines, does this mean
> they got sent ? relayed thru my machine somehow ? I could not find a fail
> or sent line for many lines like the ones below.
>
> Apr 21 12:25:00 mail sendmail[1067]: MAA01067:
> from=<postmaster@xxxxxxxxxxxxxxxxxxxxxxxx>, size=1657, class=0, pri=0
> , nrcpts=0, proto=ESMTP, relay=[200.213.72.130]
> Apr 21 12:29:03 mail sendmail[1214]: MAA01214: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=fw1-81-80-126-2.bplc.fr [81.80.126.2]

You should perform a

    grep MAA01067 /var/log/maillog

or, respectively, a

    grep MAA01214 /var/log/maillog

and you should see the complete communication.

> Where do I learn to read the various logs on Fedora/Linux ? If I missed
> a google what should have I googled for ?

Really, I would like to know, too :-)

Btw.: After you have resolved the issue you should consider switching to Postfix as your MTA. It's easier to configure and to maintain, the log entries are more self-explanatory, and much more.

Peter
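
The per-ID grep suggested in the reply, generalized to the whole log as an added example that is not part of the original message: it groups sendmail log lines by queue ID and lists every from= entry that has no to= line with the same ID. The log lines, addresses and the function names sample_log and unmatched_from are constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate sendmail from=/to= log lines by queue ID.

# Constructed sample log: two from= entries without a to= line (same shape
# as the ones quoted in the post) and one message that was delivered.
sample_log() {
cat <<'EOF'
Apr 21 12:25:00 mail sendmail[1067]: MAA01067: from=<postmaster@example.invalid>, size=1657, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.0.2.130]
Apr 21 12:27:10 mail sendmail[1100]: MAA01100: from=<alice@example.invalid>, size=2048, class=0, pri=32048, nrcpts=1, proto=ESMTP, relay=pc1.example.invalid [192.0.2.10]
Apr 21 12:27:12 mail sendmail[1102]: MAA01100: to=<bob@example.invalid>, delay=00:00:02, mailer=esmtp, relay=mx.example.invalid., stat=Sent
Apr 21 12:29:03 mail sendmail[1214]: MAA01214: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=gw.example.invalid [192.0.2.2]
EOF
}

# Reads a maillog (file arguments or stdin) and prints, in log order,
# "<queue-id> nrcpts=<n> relay=<peer>" for each from= entry whose queue ID
# never appears on a to= (delivery attempt) line.
unmatched_from() {
  awk '
    $5 ~ /^sendmail\[[0-9]+\]:$/ && $6 ~ /^[A-Za-z0-9]+:$/ {
      qid = substr($6, 1, length($6) - 1)        # strip trailing colon
      if ($7 ~ /^from=/) {
        if (!(qid in seen)) { seen[qid] = 1; order[++n] = qid }
        nr[qid] = "?"
        for (i = 7; i <= NF; i++)                # recipient count as logged
          if ($i ~ /^nrcpts=/) { v = $i; gsub(/[^0-9]/, "", v); nr[qid] = v }
        rl[qid] = "relay=?"                      # connecting host as logged
        if (match($0, /relay=.*/)) rl[qid] = substr($0, RSTART)
      } else if ($7 ~ /^to=/) {
        attempted[qid] = 1
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        q = order[i]
        if (!(q in attempted)) print q, "nrcpts=" nr[q], rl[q]
      }
    }
  ' "$@"
}

# Demo run on the constructed sample.
sample_log | unmatched_from
```

Against a live log, call `unmatched_from /var/log/maillog`; any ID it lists can then be inspected in full with the grep from the reply.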