I have full root access to a Linux server and I need to check the mail logs, but I have no idea how. Here is what I was told of why the server is having issues (what I need to check):
Quote:
It appears that our mail servers are currently blocking your server because of the large number of messages you are sending to them. I checked the log and I am showing that there are currently sending around 6 emails per second to this
I need to find what those emails are (the content of the email etc). Any suggestions?
If your server is used to send 6 emails per second to just one other domain then your server is hijacked with 99.99% certainty and used for spamming. Keeping this server online is a crime. Disconnect your server from the internet asap and address the issue.
Sorry but you do not have my sympathy. If you do not know how to drive a car you cannot go to a public highway but you can still drive in your backyard. If you do not know how to manage a server keep it running for yourself and do not connect it to the internet where it poses public danger. Period.
First - whoever runs this server has to understand his/her responsibilities.
Second - if your server is hijacked then the attacker is probably using his own SMTP service which does not leave any logs.
The company pays for the host and the server is located in FL (we are in NY), run by a local tech team. We are a web host company. Whose responsibility is it? I don't have permission to take the server offline.
Check /var/log, all logs are in there. I had an Exim server once but I do not remember exact filenames any more. You also may want to check if there is a rootkit installed. http://www.chkrootkit.org/
Ask those people who complained to send you some of these 6-per-second mails with full headers. BTW, chkrootkit is helpful but it won't find all threats. Check if there is still high traffic on port 25.
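An added example, not part of any post in this thread: a Python sketch of the log check suggested above, reporting the peak deliveries per second to each recipient domain and who submitted the mail. The sample lines are constructed, the default Exim main-log layout is assumed, and the real log's path (not given in the thread) varies by distribution.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log style; ids, hosts and addresses are made up.
SAMPLE_LOG = """\
2024-05-01 10:00:01 1sAAAA-000001-0A <= www-data@web01.example.net U=www-data P=local S=1811
2024-05-01 10:00:01 1sAAAA-000001-0A => a1@bigmail.example R=dnslookup T=remote_smtp H=mx.bigmail.example [192.0.2.10]
2024-05-01 10:00:01 1sAAAA-000001-0A -> a2@bigmail.example R=dnslookup T=remote_smtp H=mx.bigmail.example [192.0.2.10]
2024-05-01 10:00:01 1sAAAA-000002-0B <= www-data@web01.example.net U=www-data P=local S=1790
2024-05-01 10:00:01 1sAAAA-000002-0B => a3@BigMail.example <promo@web01.example.net> R=dnslookup T=remote_smtp H=mx.bigmail.example [192.0.2.10]
2024-05-01 10:00:02 1sAAAA-000003-0C <= alice@customer.example H=(laptop) [198.51.100.7] P=esmtpsa A=plain:alice S=5120
2024-05-01 10:00:02 1sAAAA-000003-0C => bob@partner.example R=dnslookup T=remote_smtp H=mx.partner.example [203.0.113.5]
"""

# Assumes the default line layout: "date time message-id flag address ...".
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (<=|=>|->) (\S+)(.*)$")

def parse(log):
    """Yield (timestamp, msg_id, flag, address, rest) for arrival and delivery lines."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groups()

def peak_rate_by_domain(log):
    """Highest number of deliveries seen in any one second, per recipient domain."""
    per_second = Counter()
    for ts, _id, flag, addr, _rest in parse(log):
        if flag in ("=>", "->") and "@" in addr:  # no "@" means a local delivery
            per_second[(addr.rsplit("@", 1)[1].lower(), ts)] += 1
    peak = Counter()
    for (domain, _ts), n in per_second.items():
        peak[domain] = max(peak[domain], n)
    return peak

def submitters(log):
    """Count arrivals by the first U= (user) or A= (SMTP auth id) field, else by H= (host)."""
    who = Counter()
    for _ts, _id, flag, _addr, rest in parse(log):
        if flag == "<=":
            m = re.search(r" ([AU]=\S+)", rest) or re.search(r" (H=\S+)", rest)
            who[m.group(1) if m else "unknown"] += 1
    return who

if __name__ == "__main__":
    # Replace SAMPLE_LOG with the text of the real main log; its path varies by distribution.
    print("peak deliveries/second:", peak_rate_by_domain(SAMPLE_LOG).most_common(5))
    print("submitters:", submitters(SAMPLE_LOG).most_common(5))
```

A message id found this way can be inspected while the message is still queued with `exim -Mvh <id>` (headers) and `exim -Mvb <id>` (body).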