Hello,

I recently set up a little FC3 server to handle my personal email. In the nightly cron logs, I can see that mail is being sent and I'm not sending it... These are showing up in the 'sendmail' portion of my log files -- about 5-10 a night.

How can I stop this? I am *not* sending these emails -- I suspect someone is trying to use my server as a spamming device...

Are there log files that I can read that could tell me this person's email address, or the addresses that the mails went to?

Are there any other diagnostic techniques I could use to determine where my vulnerability is?

Thanks,

--dc.

/var/log/maillog is worth a look. I wouldn't assume you have some vulnerability... spammers are not interested in sending five emails through your machine, but five million. Some emails are sent by your machine automatically, like the logwatch reports you may be reading?

/var/log/maillog is worth a look. I wouldn't assume you have some vulnerability... spammers are not interested in sending five emails through your machine, but five million. Some emails are sent by your machine automatically, like the logwatch reports you may be reading?

oh -- haha -- yeah the logwatch reports -- good call. I didn't think about that.

sheesh

On the other hand -- I can see evidence of people trying different passwords to get into my FTP service, and I can see where some mails have been bounced back to a recipient that I do not recognize.

I will look at /var/log/maillog -- thanks for that! I guess I was thinking that people were probing my server trying to get set up for a huge spam attack or something. That might just be my own paranoia, though.

if you suspect spammers, you can set up dns block/blacklists like spamcop and what not, it kicks them off real fast (and helps with the worries of you relaying other peoples mail).