How to catch Spammers from the server:
Follow the steps given below to catch Spammers sending mails from scripts ( nobody emails ) :-
1. Edit /etc/exim.conf
2. On the second line add :
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection+queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
Note - Make sure all that comes on a single line.
3. Save and exit.
4. Restart Exim.
if the spammer is not spamming using formmail scripts then go through following steps
:-
1 > Get the message ID from the header of the spam. It should be in format like
1DWJj4-00042i-74 ( this is the most important step else all thats given below is crap )
2 > grep exim_mainlog with the message ID ( Ex : grep 1DWJj4-00042i-74
/var/log/exim_mainlog )
Also you can install spamlogs on the server to catch nobody spammer:
Step 1)
Login to your server and su - to root.
Step 2)
Turn off exim while we do this so it doesn't freak out.
/etc/init.d/exim stop
Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the
sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden
Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail
Paste in the following:
#!/usr/local/bin/perl
# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n";
}
else {
print INFO "$date - $PWD - @infon";
}
my $mailprog = '/usr/sbin/sendmail.hidden';
foreach (@ARGV) {
$arg="$arg" . " $_";
}
open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!n";
while ( ) {
print MAIL;
}
close (INFO);
close (MAIL);
Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail
Step 6)
Create a new log file to keep a history of all mail going out of the server
using web scripts
touch /var/log/spam_log
chmod 0777 /var/log/spam_log
Step 7)
Start Exim up again.
/etc/init.d/exim start
Step 
Monitor your spam_log file for spam, try using any formmail or script that
uses a mail function - a message board, a contact script.
tail - f /var/log/spam_log
Sample Log Output
Mon Apr 11 07:12:21 EDT 2005
- /home/username/public_html/directory/subdirectory - nobody x 99 99
Nobody / /sbin/nologin
Log Rotation Details
Your spam_log file isn't set to be rotated so it might get to be very large
quickly. Keep an eye on it and consider adding it to your logrotation.
pico /etc/logrotate.conf
FIND:
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
ADD BELOW:
# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}
Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn't get
overwritten.
Enjoy:)
If you need any assistance, We can provide you for a small fee. please email us mayur.c24@gmail.com
0 comments:
Post a Comment