[thelist] Qmail Log Analyzer Recommendation

David Kaufman david at gigawatt.com
Tue Sep 9 14:04:36 CDT 2008


Hi Norman,

"Norman Bunn" <norman.bunn at craftedsolutions.com> wrote:
>
> I am fruitlessly trying to determine the source of some spam that is
> coming from or through my server.  The hosting company has suggested I
> get a qmail log analyzer.  Does anyone have a recommendation on one that
> works well for them?

I don't analyze my email logs, myself, but:

  here are #1 thru 10 of about 914 that Google knows of...
  <http://www.google.com/search?hl=en&q="qmail+log+analyzer">

I mean to say that there are lots of them, but I highly doubt that *any* 
amount of email server log analysis will help you to "determine the source 
of some spam".  It is (as you've noted) a fruitless endeavor.  Spammers are 
very good at preventing you from determining the sources of their messages. 
And these days, when you do track some spam to the IP address which sent 
it, and identify who owns that computer, you learn that they don't really 
control it.  Most spam is sent by bots, usually broadband-connected and 
virus-infected computers that are controlled by a "bot-net".  The computers 
themselves are owned and operated by unsuspecting users who have (among 
millions of others) unwittingly become the tools of the owner of the 
bot-net.

So while you *may* find the innocent and unwitting pawn of some spammer's
bot-net, what's the point?  Isn't it a far better use of your time and 
effort to install, configure and maintain very good spam-filters and 
block-lists to protect your servers and workstations from spam in the first 
place, so that you don't have to care?

Working the other direction, if you want to track down the *advertiser* of 
a spam you've received (rather than the bot-net of the professional spammer 
he paid to *send* his offer) simply follow the money.  Respond to the ad. 
Offer to buy the product or service.  See who you have to pay.  Your credit 
card company (and/or the police) should be able to help you identify who's 
cashing the checks, especially if the goods are stolen, the service
illegal, etc.  Even then, the trail often leads all over the planet, making 
any meaningful investigation, lawsuit or prosecution all but impossible.  I 
prefer to route as much spam as possible to the bit bucket, rather than 
obsessing over who sent it, and pondering all the medieval punishments that 
all spammers so dearly deserve.

-dave