Hi

I have identified small amounts of spam being sent through my linux server over the past few weeks. Today this suddenly became 35000 messages and I've temporarily stopped smtp to stop the spam being sent.

Relays are being denied by the server- having been checked by my webhost and certainly appearing in the logs.

There are some indications that the spammers are using the server IP address to send the emails.

Can anyone advise on how to identify what is happening- and how to stop it? (I have shell access)

Thanks in advance

If the spam is actually originating from your server (ie. they aren't just bounces from incoming spam), then one possible source is a vulnerable form script (or some script that allows people to send mail to someone else).

Adrian

I only have one formscript + those in GLinks and they are protected with CAPTCHA.

The logs look as though people have been trying to send commands like RELAY=OK I also switch off SSH, only switching it on when using it because there were many attempts to hack in via there.

Certainly a lot of the traffic has got to be the bounces but a proportion of them have been getting through.

Is there a way of limiting a Fedora server to only allow outgoing emails from 1 email address?

eg: mail@mysite.com so all other messages will be destroyed or bounced.

Thanks

Having looked further into this problem, it would appear that SMTP proxy is being used to send these emails. Apparently I am not the only person with the problem because there are several references to it in newsgroups- but I don't understand what is being discussed as solutions.

Can anyone explain what I have to change, and where, to stop proxy being used? and is there anything in GLinks that would be stopped my shutting off the proxy?

Thanks

My server has now been blocked as a spammer- I've had to switch off SMTP and therefore all my GLinks user registrations and also form-based emails are not going anywhere- in effect the spammers have brought down my website.