LinuxQuestions.org - how to find out who is spamming on qmail with courier-imap?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - how to find out who is spamming on qmail with courier-imap? (https://www.linuxquestions.org/questions/linux-security-4/how-to-find-out-who-is-spamming-on-qmail-with-courier-imap-441173/)

how to find out who is spamming on qmail with courier-imap?

Hello,
I own a server with plesk on it
It is using qmail and courier-imap
When looking in the mail queue I detected a lot of spam messages

Can somebody tell me how can I find out who is sending spam through my server, how is he doing it(via php/html scripts or via shell?), how can I prevent this from happening in the future?

Are there any tehniques in detecting the spammer?

Please help

Thank you

I'd suggest taking a thorough look through your /var/log/maillog and see who is connecting to your server. You can also test if your server is configured as an open relay (which would be bad). If you Google for "open relay tester" or the like you can find a number of services to test your site. I'd also examine the server as a whole. If a cracker exploited a vulnerable web application, he could easily use it to send out tons of spam. What all is running on the server? Is there anything else specific in the system logs? Plesk should give you some mechanism for looking at your logs, or just SSH in and hunt around in the /var/log directory.