[thelist] Qmail Log Analyzer Recommendation
Norman Bunn
norman.bunn at craftedsolutions.com
Wed Sep 10 09:53:11 CDT 2008
David Kaufman wrote:
> Hi Norman,
>
> "Norman Bunn" <norman.bunn at craftedsolutions.com> wrote:
>
>> I am fruitlessly trying to determine the source of some spam that is
>> coming from or through my server. The hosting company has suggested I
>> get a qmail log analyzer. Does anyone have a recommendation on one that
>> works well for them?
>>
>
> I don't analyze my email logs, myself, but:
>
> here are #1 thru 10 of about 914 that Google knows of...
> <http://www.google.com/search?hl=en&q="qmail+log+analyzer">
>
> I mean to say that there are lots of them, but I highly doubt that *any*
> amount of email server log analysis will help you to "determine the source
> of some spam". It is (as you've noted) a fruitless endeavor. Spammers are
> very good at preventing you from determining the sources of their messages.
> And these days, when you do track some spam to the IP address which sent
> it, and identify who owns that computer, you learn that they don't really
> control it. Most spam is sent by bots, usually broadband-connected and
> virus-infected computers that are controlled by a "bot-net". The computers
> themselves are owned and operated by unsuspecting users who have (among
> millions of others) unwittingly become the tools of the owner of the
> bot-net.
>
> So while you *may* find the innocent and unwitting pawn of some spammer's
> bot-net, what's the point? Isn't it a far better use of your time and
> effort to install, configure and maintain very good spam-filters and
> block-lists to protect your servers and workstations from spam in the first
> place, so that you don't have to care?
>
> Working the other direction, if you want to track down the *advertiser* of
> a spam you've received (rather than the bot-net of the professional spammer
> he paid to *send* his offer) simply follow the money. Respond to the ad.
> Offer to buy the product or service. See who you have to pay. Your credit
> card company (and/or the police) should be able to help you identify who's
> cashing the checks, especially if the goods are stolen, the service
> illegal, etc. Even then, the trail often leads all over the planet, making
> any meaningful investigation, lawsuit or prosecution all but impossible. I
> prefer to route as much spam as possible to the bit bucket, rather than
> obsessing over who sent it, and pondering all the medieval punishments that
> all spammers so dearly deserve.
>
> -dave
>
>
Dave,
Thanks for your detailed response and I agree in principle. My problem
is my server is home to 70+ domains which are using its SMTP service to
deliver email from their hundreds, if not thousands, of email accounts.
I can patch all my scripts with the latest versions, update filters, and
more, but all I end up with is the server's shared IP address being
flagged by Spamhaus and such as being a source of spam, when it may very
well be a client's PC(s) causing the problem. I need a way to isolate
the cause or I need a way to filter outgoing email. Can you (or anyone
else) suggest a product that I can install on my server that can help
filter the spam coming via SMTP or ID the culprits? It is Redhat Linux
running a Plesk 8.0.1 control panel.
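
Added example, not part of the original message or thread: one way to "ID the culprits" on a shared qmail server is to tally remote delivery attempts per envelope sender and injecting uid from the qmail-send log. It assumes the standard qmail-send line layout; the sample lines, addresses and uids are constructed, and `outbound_by_sender` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the qmail-send log layout (TAI64N stamp, then event).
# The uids are made up: 2020 stands for the SMTP daemon user, 48 for the web server user.
SAMPLE_LOG = """\
@4000000048c7e3a21b2c3d4c new msg 93869
@4000000048c7e3a21b2c4124 info msg 93869: bytes 2343 from <newsletter@client-a.example> qp 18695 uid 2020
@4000000048c7e3a21b3f1a2c starting delivery 1: msg 93869 to remote a@dest.example
@4000000048c7e3a31b3f1a2c delivery 1: success: 192.0.2.10_accepted_message./
@4000000048c7e3a31b3f2a2c end msg 93869
@4000000048c7e3a41b2c3d4c new msg 93869
@4000000048c7e3a41b2c4124 info msg 93869: bytes 812 from <form@client-b.example> qp 18701 uid 48
@4000000048c7e3a41b3f1a2c starting delivery 2: msg 93869 to remote b@dest.example
@4000000048c7e3a41b3f1b2c starting delivery 3: msg 93869 to remote c@dest.example
@4000000048c7e3a41b3f1c2c starting delivery 4: msg 93869 to remote d@dest.example
@4000000048c7e3a51b2c3d4c new msg 93870
@4000000048c7e3a51b2c4124 info msg 93870: bytes 510 from <staff@client-a.example> qp 18710 uid 2020
@4000000048c7e3a51b3f1a2c starting delivery 5: msg 93870 to local info@client-a.example
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
REMOTE = re.compile(r"starting delivery \d+: msg (\d+) to remote \S+")
END = re.compile(r"end msg (\d+)")


def outbound_by_sender(lines):
    """Count remote delivery attempts per (envelope sender, injecting uid)."""
    live = {}           # queue msg number -> (sender, uid) while the message is queued
    counts = Counter()  # (sender, uid) -> remote delivery attempts (retries included)
    for line in lines:
        if m := INFO.search(line):
            # An empty sender <> is a bounce; keep it visible in the report.
            live[m.group(1)] = (m.group(2) or "<>", int(m.group(3)))
        elif m := REMOTE.search(line):
            counts[live.get(m.group(1), ("unknown", -1))] += 1
        elif m := END.search(line):
            # qmail reuses msg numbers, so forget the mapping once the message is done.
            live.pop(m.group(1), None)
    return counts


if __name__ == "__main__":
    for (sender, uid), n in outbound_by_sender(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:6d}  uid={uid:<6d} {sender}")
```

A high count under the web server's uid points at a script on the server itself, while a high count under the SMTP daemon's uid points at an account relaying through the SMTP service.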