Topic: Recognized spamming in logs, what are the steps to locate the source
==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Linux/BSD distribution name and version: Debian 6.0.7
- Related log if you're reporting an issue: iredapd.log
====
Hi, I have found spamming activity on my server. I know this is not an iRedMail issue, but I just wanted to ask for help.
Here is a part of the log showing the spamming activity:
2015-03-09 14:54:27 INFO [127.0.0.1] lxctaomlyh@ag.statesc.us -> ochinn@athene.co.uk, DUNNO
2015-03-09 14:54:28 INFO [127.0.0.1] lxctaomlyh@ag.statesc.us -> mcilhinneyn@athene.co.uk, DUNNO
2015-03-09 14:54:30 INFO [127.0.0.1] lxctaomlyh@ag.statesc.us -> bourlier@athene.co.uk, DUNNO
2015-03-09 14:54:31 INFO [127.0.0.1] lxctaomlyh@ag.statesc.us -> picard@athene.co.uk, DUNNO
2015-03-09 14:54:34 INFO [127.0.0.1] blkywehtaxvaw@compass.pl -> csnhskq@moro-tour.pl, DUNNO
And here is a legitimate log for proper email activity:
2015-03-09 14:56:21 INFO [x.x.57.149] paul@st...mail.com -> w....s@pr....u.de, DUNNO
2015-03-09 14:57:02 INFO [x.x.163.178] messages@f...r.com -> service@pir.....g.de, DUNNO
2015-03-09 15:01:34 INFO [37.247.88.134] w..s@pre.....au.de -> M.....ch@br....x.de, DUNN
How can I find out how those 127.0.0.1 mails are sent?
Thanks
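Added example, not part of the original post: a small parser for log lines in the layout quoted above that keeps only entries whose client address is loopback and summarises them per sender, then lists the senders whose domain the server does not host. The sample lines are constructed, and the function names and the `hosted.example` domain are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample lines in the same layout as the log excerpt in the post.
SAMPLE_LOG = """\
2015-03-09 14:54:27 INFO [127.0.0.1] bulk1@unhosted.example -> a@rcpt.example, DUNNO
2015-03-09 14:54:28 INFO [127.0.0.1] bulk1@unhosted.example -> b@rcpt.example, DUNNO
2015-03-09 14:54:30 INFO [127.0.0.1] bulk1@unhosted.example -> c@rcpt.example, DUNNO
2015-03-09 14:54:34 INFO [127.0.0.1] bulk2@other.example -> d@rcpt.example, DUNNO
2015-03-09 14:55:02 INFO [127.0.0.1] user@hosted.example -> e@rcpt.example, DUNNO
2015-03-09 14:56:21 INFO [x.x.57.149] paul@remote.example -> f@hosted.example, DUNNO
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) INFO \[(?P<client>[^\]]+)\] "
    r"(?P<sender>\S+) -> (?P<rcpt>[^,\s]+), (?P<action>\S+)$")

def is_loopback(client):
    try:
        return ip_address(client).is_loopback
    except ValueError:   # masked or malformed address, e.g. x.x.57.149
        return False

def loopback_summary(log_text):
    """Per-sender stats for entries whose client address is loopback."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_loopback(m["client"]):
            continue     # unparsable line or a remote client
        s = stats.setdefault(m["sender"], {"count": 0, "rcpts": set(),
                                           "first": m["ts"], "last": m["ts"]})
        s["count"] += 1
        s["rcpts"].add(m["rcpt"])
        s["last"] = m["ts"]
    return stats

def foreign_senders(stats, hosted_domains):
    """Loopback senders whose domain is not one this server hosts."""
    hosted = {d.lower() for d in hosted_domains}
    return sorted(s for s in stats if s.rpartition("@")[2].lower() not in hosted)

if __name__ == "__main__":
    stats = loopback_summary(SAMPLE_LOG)
    for sender in foreign_senders(stats, {"hosted.example"}):  # assumed hosted domain
        s = stats[sender]
        print(sender, s["count"], len(s["rcpts"]), s["first"], s["last"])
```

The first and last timestamps per sender give a time window that can be lined up against the MTA and web server logs on the same host for that period.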