How to identify the source of spam mails

sparktino · Mar 27, 2013

Hello,

One of the email accounts of our domain has been used to send spam mails. How we can identify the source from which these spam mails are being sent. I would like to know whether it is through the website itself by injecting some malicious codes or it through an email client. Is it possible to identify the source from exim logs?

Code:

=================

2013-03-27 04:03:01 1UKlJz-0003Ba-Er <= "username"@"domainname" H=("domainname") [xx.xxx.xxx.xxx]:58513 P=esmtpa A=dovecot_login:"username"@"domainname" S=2507 id=026EFCFA.DAD70703@"domainname" T="Don't lack boners with these risk-free drugs. Door-to-door shipping!" for [email protected] [email protected] [email protected] [email protected]

=================

Regards
Tino

ThinIce · Mar 27, 2013

Code:

A=dovecot_login:"username"@"domainname"

From a glance at what you've provided it appears to be via a login to that mailbox

quietFinn · Mar 27, 2013

And the IP they connect from you see in this:

[xx.xxx.xxx.xxx]:58513

sparktino · Mar 27, 2013

Hi,

Thanks guys for the reply.

Yes, it looks like somebody hacked the password for this particular email account. I had to change the password for the account.

Thread starter	Similar threads	Forum	Replies	Date
N	Email Bounce-Need to identify the issue	Email	3	Mar 16, 2022
M	Cannot verify server identify error message in MacOS/iphone email app	Email	9	Sep 30, 2021
	need help identifying reject reason	Email	2	Feb 5, 2020
	How to identify which device is failing?	Email	16	Feb 14, 2019
R	How to identify process owner / control resource intensive process	Email	4	Jan 5, 2011

Search

Search

How to identify the source of spam mails

sparktino

Member

ThinIce

Well-Known Member

quietFinn

Well-Known Member

sparktino

Member