Autor: Andreas Steinmetz Data: A: Mike Ramirez CC: Exim User ML Assumpte: Re: [exim] Spammer problems Need help
Mike Ramirez wrote: > On Fri, 2004-10-08 at 13:57, Leonardo Boselli wrote:
>
>>Il 8 Oct 2004 alle 13:50 Mike Ramirez immise in rete
>>
>>>But the thing is we think its a user on the system but
>>>can't find anything hard to say it is him and take action.
>>
>>What does say the log ? you should know what is the host sending
>>spam, and then tracing the user using it at that time (al blame the
>>administrator of that host)
>
>
> Logs say its nobody@???, I have gotten to the user but I
> can't find anything specific that says its him. I found the dir
> originating but nothing there. guy cleans up his tracks nicely.
Not a direct solution, but what about enforcing asmtp? If your spammer
needs to authenticate it will be hard for him to cover up. For locally
sent mail use modified applications that collect system information
prior to sending of the mail. If necessary use mandatory access control.
--
Andreas Steinmetz SPAMmers use robotrap@???