Date:  Tue, 30 Jun 2009 01:29:52 +0200
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:15752] Re: spam problem w/ email - hope not serious
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200906300129.52771.bq (at mark) solarspeed.net>
In-Reply-To:  <4A494565.3040805 (at mark) nomealaska.org>
References:  <4A494565.3040805 (at mark) nomealaska.org>
X-Mail-Count: 15752

Hi Jim,

> I just started getting this error returned as a Returned mail from our
> server's "Mail_delivery_subsytem<MAILER-DAEMON (at mark) srv1.nomecity.org> and I
> don't know about one of our users jenns (at mark) nomealaska.org with
> jenns@localhost being used like it is, plus the line "jenns set sender
> to <jdory (at mark) nomealaska.org> using -f " which I see a lot in our maillog
> also with other email addresses set sender to from same user.

Most likely a PHP script owned by user "jens" is sending those emails.

To find out which files that may be you can use several methods:

Find all filesin /home/.sites/ owned by user "jens":

	find /home/.sites/ -user jens

Go to the home directory of that user and then check what site that is: 

	cd ~jens | pwd | cut -d / -f5

That will report back something like "site2". To then find out the site's FQDN 
do this:

	ls -la /home/sites/ | grep site2

-- 
With best regards,

Michael Stauber