How to find the SPAMMER in the server?
Hi, on the cPanel server I am getting lots of virus attachments from a specific IP, 203.144.73.46. I put the IP in /etc/hosts.deny and in /etc/spammers. I restarted Exim and httpd but am still receiving junk emails from this IP at the rate of 1 email per minute.
How do I block this IP?
And how do I find this SPAMMER? Looks like he's in the system.
The email header shows:
Return-path:
Received: from [203.144.73.46] (helo=Euma86)
by my.hostname.com with smtp (Exim 3.36 #1)
id 19I0Nh-0005cV-00
for Alexa319@aol.com; Tue, 20 May 2003 01:13:50 -0500
Date: 1:14:00 PM, 5/20/03
From: NWV
To:
Subject: Fwd: death, life, fear
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="Unique_Boundary"
Message-Id:
--Unique_Boundary
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
you don't have to if you don't want to.
--Unique_Boundary
Content-Type: application/octet-stream;
name="11064corbis[1].exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="11064corbis[1].exe"
Tailing the MailLog shows:
2003-05-20 01:05:18 19I0EQ-0005NI-00 <= chinarih@ms23.hinet.net H=(Paixe7) [203.144.73.46] P=smtp S=304406
2003-05-20 01:05:18 19I0EQ-0005NI-00 cancelled by message filter: This message has been rejected because it has\na potentially executable attachment "110800mom01[1].com"\nThis form of attachment has been used by\nrecent viruses or other malware.\nIf you meant to send this file then please\npackage it up as a zip file and resend it.
2003-05-20 01:05:18 19I0FS-0005PB-00 <= <> R=19I0EQ-0005NI-00 U=root P=local S=107616
2003-05-20 01:05:18 19I0EQ-0005NI-00 Error message sent to chinarih@ms23.hinet.net
2003-05-20 01:05:18 19I0EQ-0005NI-00 Completed
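
An added example (not part of the original post): a Python tally over the Exim main-log lines quoted above. It separates arrivals that came in over SMTP from a remote IP from messages generated on the host itself, and links each locally generated bounce (via its R= field) to the filtered message that triggered it. The function names and the abridged sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the main-log lines quoted in the post (filter text abridged).
SAMPLE_LOG = r"""2003-05-20 01:05:18 19I0EQ-0005NI-00 <= chinarih@ms23.hinet.net H=(Paixe7) [203.144.73.46] P=smtp S=304406
2003-05-20 01:05:18 19I0EQ-0005NI-00 cancelled by message filter: This message has been rejected because it has\na potentially executable attachment "110800mom01[1].com"
2003-05-20 01:05:18 19I0FS-0005PB-00 <= <> R=19I0EQ-0005NI-00 U=root P=local S=107616
2003-05-20 01:05:18 19I0EQ-0005NI-00 Error message sent to chinarih@ms23.hinet.net
2003-05-20 01:05:18 19I0EQ-0005NI-00 Completed
"""

# timestamp, Exim 3 message id, remainder of the line
LINE = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (.*)$")

def field(name, rest):
    """Return the value of an Exim log field such as P=, U= or R=."""
    m = re.search(r"(?:^|\s)" + name + r"=(\S+)", rest)
    return m.group(1) if m else None

def summarize(log_text):
    remote, local = Counter(), Counter()
    origin, filtered, bounce_of = {}, set(), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg_id, rest = m.group(2), m.group(3)
        if rest.startswith("<= "):                      # message arrival
            ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
            if ip:                                      # came in over the network
                remote[ip.group(1)] += 1
                origin[msg_id] = ip.group(1)
            else:                                       # generated on this host
                local[field("U", rest) or "unknown"] += 1
            if field("R", rest):                        # bounce: R= names the original
                bounce_of[msg_id] = field("R", rest)
        elif rest.startswith("cancelled by message filter"):
            filtered.add(msg_id)
    # Bounces this server generated for filtered mail that arrived from a remote IP.
    backscatter = sorted((b, origin[o]) for b, o in bounce_of.items()
                         if o in filtered and o in origin)
    return {"remote": dict(remote), "local": dict(local),
            "filtered": sorted(filtered), "backscatter": backscatter}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

On the quoted lines, the only network arrival is from 203.144.73.46 with P=smtp, and the only local message (U=root P=local) is the bounce Exim generated for that filtered message.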