From: Jorey Bump (list@joreybump.com)
Date: Wed Mar 11 2009 - 10:35:19 CDT
Carlos Williams wrote, at 03/11/2009 11:19 AM:
> I just had a ticket come in regards to a user who just last week
> started receiving a crazy amount of spam emails that he has never had
> an issue with. I checked the mail logs (/var/log/mail.log) and was
> unable to find anything. I checked the spam emails the user still had
> on his client and copied the message headers:
>
> Return-Path: <hangzao15@yahoo.com.cn>
This will be logged.
> Received: from mail.lkpp.gov.my (unknown [219.93.25.92])
As will this IP.
> Now I am wondering why I am unable to find any of these messages in my logs:
>
> mail:~# cat /var/log/mail.log | grep -i 203.217.121.52
> mail:~# cat /var/log/mail.log | grep -i 3B3311FA41E0
> mail:~# cat /var/log/mail.log | grep -i guypatricelumumba@congo.gov
>
> Am I searching for this incorrectly or in the wrong directory? Thanks
> for any help!
Debian logs email funny. Try this, and work from there:
egrep '(hangzao15@yahoo.com.cn|219.93.25.92)' /var/log/mail*
If that turns up nothing, you may need to look at /etc/syslog.conf (or
whatever Debian uses) to see how syslog is configured to log mail.
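
One way to "work from there", as an added example that is not part of the original thread: find the queue IDs of messages matching a sender or client IP, then print every log line for those IDs, including rotated .gz logs. It assumes Postfix-style syslog lines; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Postfix-style lines such as
#   "... postfix/smtpd[PID]: QUEUEID: client=host[IP]"

# read_logs FILE...: print each log, decompressing rotated *.gz files.
read_logs() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        case "$f" in
            *.gz) gzip -dc "$f" ;;
            *)    cat "$f" ;;
        esac
    done
}

# queue_ids PATTERN FILE...: unique queue IDs on lines containing PATTERN.
# grep -F matches PATTERN literally, so dots in an IP address or domain
# do not act as regex wildcards.
queue_ids() {
    pattern=$1; shift
    read_logs "$@" | grep -iF -- "$pattern" |
        sed -n 's/^.*\]: \([0-9A-F]\{6,\}\): .*$/\1/p' | sort -u
}

# trace_mail PATTERN FILE...: all log lines for each matching queue ID
# (client, sender, recipient and delivery status). Returns 1 if none match.
trace_mail() {
    pattern=$1; shift
    ids=$(queue_ids "$pattern" "$@")
    [ -n "$ids" ] || return 1
    for id in $ids; do
        read_logs "$@" | grep -F -- ": $id: "
    done
}

# Constructed sample log (documentation addresses, made-up queue IDs).
sample_log() {
cat <<'EOF'
Mar 11 09:12:01 mail postfix/smtpd[1234]: connect from unknown[192.0.2.10]
Mar 11 09:12:01 mail postfix/smtpd[1234]: A1B2C3D4E5: client=unknown[192.0.2.10]
Mar 11 09:12:02 mail postfix/qmgr[999]: A1B2C3D4E5: from=<spammer@example.net>, size=2048, nrcpt=1 (queue active)
Mar 11 09:12:03 mail postfix/local[1240]: A1B2C3D4E5: to=<user@example.com>, relay=local, status=sent (delivered to mailbox)
Mar 11 09:15:10 mail postfix/smtpd[1250]: F6E7D8C9B0: client=mx.example.org[198.51.100.7]
Mar 11 09:15:11 mail postfix/qmgr[999]: F6E7D8C9B0: from=<colleague@example.org>, size=900, nrcpt=1 (queue active)
EOF
}

# Demo: trace the message that arrived from 192.0.2.10.
tmp=$(mktemp) && sample_log > "$tmp" && trace_mail 192.0.2.10 "$tmp"; rm -f "$tmp"
```

On a real host the equivalent call would be `trace_mail 219.93.25.92 /var/log/mail*`, using the IP from the quoted Received header.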