David Kaufman wrote:
> Hi Norman,
>
> "Norman Bunn" <norman.bunn at craftedsolutions.com> wrote:
>
>> I am fruitlessly trying to determine the source of some spam that is
>> coming from or through my server. The hosting company has suggested I
>> get a qmail log analyzer. Does anyone have a recommendation on one that
>> works well for them?
>>
>
> I don't analyze my email logs, myself, but:
>
> here are #1 thru 10 of about 914 that Google knows of...
> <http://www.google.com/search?hl=en&q="qmail+log+analyzer">
>
> I mean to say that there are lots of them, but I highly doubt that *any*
> amount of email server log analysis will help you to "determine the source
> of some spam". It is (as you've noted) a fruitless endeavor. Spammers are
> very good at preventing you from determining the sources of their messages.
> And these days, when you do track some spam to the IP address which sent
> it, and identify who owns that computer, you learn that they don't really
> control it. Most spam is sent by bots, usually broadband-connected and
> virus-infected computers that are controlled by a "bot-net". The computers
> themselves are owned and operated by unsuspecting users who have (among
> millions of others) unwittingly become the tools of the owner of the
> bot-net.
>
> So while you *may* find the innocent and unwitting pawn of some spammer's
> bot-net, what's the point? Isn't it a far better use of your time and
> effort to install, configure and maintain very good spam-filters and
> block-lists to protect your servers and workstations from spam in the first
> place, so that you don't have to care?
>
> Working the other direction, if you want to track down the *advertiser* of
> a spam you've received (rather than the bot-net of the professional spammer
> he paid to *send* his offer) simply follow the money. Respond to the ad.
> Offer to buy the product or service. See who you have to pay. Your credit
> card company (and/or the police) should be able to help you identify who's
> cashing the checks, especially if the goods are stolen, the service
> illegal, etc. Even then, the trail often leads all over the planet, making
> any meaningful investigation, lawsuit or prosecution all but impossible. I
> prefer to route as much spam as possible to the bit bucket, rather than
> obsessing over who sent it, and pondering all the medieval punishments that
> all spammers so dearly deserve.
>
> -dave
>
>

Dave,

Thanks for your detailed response and I agree in principle. My problem is
my server is home to 70+ domains which are using its SMTP service to
deliver email from their hundreds, if not thousands, of email accounts. I
can patch all my scripts with the latest versions, update filters, and
more, but all I end up with is the server's shared IP address being flagged
by Spamhaus and such as being a source of spam, when it may very well be a
client's PC(s) causing the problem. I need a way to isolate the cause or I
need a way to filter outgoing email.

Can you (or anyone else) suggest a product that I can install on my server
that can help filter the spam coming via SMTP or ID the culprits? It is
Redhat Linux running a Plesk 8.0.1 control panel.
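
For the "isolate the cause" problem on a shared qmail server, the following is an added example (not part of the original thread, and not any particular log-analyzer product): it counts outbound deliveries in qmail-send's log per envelope sender and injecting uid. The sample lines, addresses and uid values are constructed. Mail accepted over SMTP all carries qmail-smtpd's uid and a client-chosen envelope sender, so the uid column mainly separates local scripts from SMTP traffic.

```python
import re
from collections import Counter

# Constructed qmail-send log lines (not taken from a real server).
SAMPLE_LOG = """\
@4000000045a1b2c30a1b2c3d new msg 93869
@4000000045a1b2c30a1b2c3d info msg 93869: bytes 2343 from <alice@client-a.example> qp 18695 uid 2020
@4000000045a1b2c30a1b2c3d starting delivery 2392: msg 93869 to remote bob@elsewhere.example
@4000000045a1b2c40a1b2c3d end msg 93869
@4000000045a1b2c50a1b2c3d info msg 93870: bytes 1810 from <anonymous@client-b.example> qp 18701 uid 48
@4000000045a1b2c50a1b2c3d starting delivery 2393: msg 93870 to remote r1@elsewhere.example
@4000000045a1b2c50a1b2c3d starting delivery 2394: msg 93870 to remote r2@elsewhere.example
@4000000045a1b2c50a1b2c3d starting delivery 2395: msg 93870 to remote r3@elsewhere.example
@4000000045a1b2c50a1b2c3d starting delivery 2396: msg 93870 to local postmaster@client-b.example
@4000000045a1b2c60a1b2c3d end msg 93870
@4000000045a1b2c70a1b2c3d info msg 93869: bytes 900 from <> qp 18710 uid 2021
@4000000045a1b2c70a1b2c3d starting delivery 2397: msg 93869 to remote carol@elsewhere.example
"""

INFO_RE = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
START_RE = re.compile(r"starting delivery \d+: msg (\d+) to (remote|local) \S+")
END_RE = re.compile(r"end msg (\d+)")

def remote_deliveries_by_injector(lines):
    """Count remote deliveries per (envelope sender, injecting uid)."""
    origin = {}          # queue msg id -> (sender, uid); qmail reuses ids over time
    counts = Counter()
    for line in lines:
        if (m := INFO_RE.search(line)):
            # An empty envelope sender (<>) marks a bounce message.
            origin[m.group(1)] = (m.group(2) or "<bounce>", int(m.group(3)))
        elif (m := START_RE.search(line)):
            if m.group(2) == "remote":   # local deliveries never leave the server
                counts[origin.get(m.group(1), ("<unknown>", -1))] += 1
        elif (m := END_RE.search(line)):
            origin.pop(m.group(1), None)  # forget the id so reuse is not misattributed
    return counts

if __name__ == "__main__":
    result = remote_deliveries_by_injector(SAMPLE_LOG.splitlines())
    for (sender, uid), n in result.most_common():
        print(f"{n:6d}  uid={uid:<6d} {sender}")
```
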