How to prevent spam to be sent out

Hi,

I'm exhausted to receive abuse complaint from my DC due spam attack from my servers and i really want to prevent it before happening and also want to now some tips to help me to implement a zero tolerance spam control on my servers.

I would like to know with you gays what do you do, what logs you use or tools to find a script or account that is sending spam out of my servers, for example, today i received the following spam abuse report.

------------

Code:

Hello Abuse-Team,

your Server with the IP: xxx.xxx.xxx.xxx has attacked one of our server on the service:
"postfix"  on Time: Wed, 19 Jun 2013 22:10:08 +0200
The IP was automatically blocked for more than 10 minutes. To block an IP, it needs
3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!

Please check the machine behind the IP xxx.xxx.xxx.xxx (hostname.server.com) and fix the problem.

real-time data for this day available at:

/http://support.clean-mx.de/clean-mx/publog?ip=xxx.xxx.xxx.xxx


You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
You found more Information about X-Arf under /http://www.x-arf.org/specification.html

If you have a special x-arf email contact, please drop us a note.

In the attachment of this mail you can find the original protocols of our systems.

yours

Gerhard W. Recher
(Geschaeftsfuehrer)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 Muenchen

GSM: ++49 171 4802507

Handelsregister Muenchen: HRB 124497

w3: /http://www.clean-mx.de

e-Mail:   mailto:abuse@clean-mx.de
PGP-KEY:   Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: /http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc

Evidence:
attacked server: relay3.netpilot.net
envelopesender: user @ yahoo.com
enveloperecpient: user @ com-con.net
Helo: hostname.server.com
source-ip: xxx.xxx.xxx.xxx
protocol: ESMTP
instance: predata05.2dd.51c21020.45275.0
size: 18181
reason: 5 -->554 User (%s)  not known to us please verify your adressbook for any typos in this email adress or inquire manually
Evidences so far in total for this ip:1

--------------------------

My doubt is, how can i address this issue to find the user, script or account that is doing some attack or sending spam from my server.

Thank you!

 

Thanks your TIP Thinlce, i'm going to check this doc you shared me. I'm already using the CSF and also MailScanner on the server.

So based on the email the abuse sent me, do you have any idea how can i figure out which user or script did this?