Article 15754 at 09/06/30 09:13:32 From: webhosting (at mark) yahoo.com Subject: [coba-e:15754] Re: spam problem w/ email

Index: [Article Count Order] [Thread]

Date:  Mon, 29 Jun 2009 17:13:28 -0700 (PDT)
From:  Dan Kriwitsky <webhosting (at mark) yahoo.com>
Subject:  [coba-e:15754] Re: spam problem w/ email - hope not serious
To:  coba-e (at mark) bluequartz.org
Message-Id:  <786495.50859.qm (at mark) web65601.mail.ac4.yahoo.com>
X-Mail-Count: 15754



> Here's a line from maillog:
> Jun 29 14:46:49 srv1 sendmail[8065]: n5TMkm4e008065:
> Authentication-Warning: srv1.nomecity.org: jenns set sender
> to <jdory (at mark) nomealaska.org>
> using -f
> 
> 

grep 14:46:49 /var/log/httpd/access_log
If that doesn't show a bad CGI or PHP just knock off the 9 in 49 and scan through that for a script.

Bad news: 66.58.160.105 is already listed in a few DNSBL.

-- 
Dan Kriwitsky