web12

Just wanted to know, I have seen a massive increase in mail being sent from the server this last week, and then (perhaps unsurprisingly) I got a complaint of spam originating from this particular server.

Looking through the complaints, they seem to be very similar and state they are coming from [email protected] which is definitely not an account on my server... so digging through the exim logs I found this...
------------------------------------------------------------
2002-12-13 10:45:25 18Ms0C-0000Au-00 Completed
2002-12-13 10:45:25 18Ms0D-0000Az-00 <= [email protected] H=(trish) [207.13.165.17] P=asmtp A=fixed_login:[email protected] S=1626
2002-12-13 10:45:25 18Ms0D-0000B0-00 <= [email protected] H=(trish) [207.13.165.17] P=asmtp A=fixed_login:[email protected] S=1620
2002-12-13 10:45:25 18Ms09-0000Ag-00 => [email protected] R=lookuphost T=remote_smtp H=mail.effectuality.com [66.70.99.202]
2002-12-13 10:45:25 18Ms09-0000Ag-00 Completed
--------------------------------------------------------------
The less.us is an account on this server, so would you say that is where it is originating?

Strange as there is nothing in the account at all... I went looking for a cgi script, but there are no proggys there at all.

Just wanted to confirm before I suspend this account.

thanks
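
Added example, not part of the original post: in the Exim main log a `<=` line records a message arriving, and on an authenticated submission (`P=asmtp`) the `A=` field names the authenticator and the login that was used. The Python sketch below tallies those arrivals per login and counts how many carried an envelope sender different from the login. The sample lines, addresses and IPs are constructed placeholders, and it assumes the default log layout (optional timezone field, no PID field).

```python
import re
from collections import defaultdict

# Constructed sample in the Exim main-log layout quoted above; addresses,
# hostnames and IPs are placeholders, not values from the thread.
SAMPLE_LOG = """\
2002-12-13 10:45:25 18Ms0C-0000Au-00 Completed
2002-12-13 10:45:25 18Ms0D-0000Az-00 <= promo@forged.example H=(trish) [192.0.2.17] P=asmtp A=fixed_login:box@hosted.example S=1626
2002-12-13 10:45:25 18Ms0D-0000B0-00 <= promo@forged.example H=(trish) [192.0.2.17] P=asmtp A=fixed_login:box@hosted.example S=1620
2002-12-13 10:45:26 18Ms0E-0000B4-00 <= alice@other.example H=(desk) [198.51.100.8] P=asmtp A=fixed_login:alice@other.example S=2048
2002-12-13 10:45:27 18Ms0F-0000B9-00 <= root@server.example U=root P=local S=512
2002-12-13 10:45:27 18Ms09-0000Ag-00 => user@dest.example R=lookuphost T=remote_smtp H=mail.dest.example [203.0.113.5]
"""

# date, time, optional timezone, message id, then the "<=" arrival marker
ARRIVAL = re.compile(r"^\S+ \S+ (?:[+-]\d{4} )?\S+ <= (?P<sender>\S+) (?P<rest>.*)$")
AUTH = re.compile(r"(?:^|\s)A=[^:\s]+:(?P<login>\S+)")   # A=<authenticator>:<login>
PEER_IP = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")      # remote host in brackets

def summarize_auth_senders(log_text):
    """Per authenticated login: arrivals, sender/login mismatches, source IPs."""
    stats = defaultdict(lambda: {"messages": 0, "mismatched": 0, "ips": set()})
    for line in log_text.splitlines():
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue                      # delivery, "Completed", etc.
        auth = AUTH.search(arrival["rest"])
        if not auth:
            continue                      # local or unauthenticated arrival
        entry = stats[auth["login"]]
        entry["messages"] += 1
        if arrival["sender"].lower() != auth["login"].lower():
            entry["mismatched"] += 1      # envelope sender is not the login itself
        peer = PEER_IP.search(arrival["rest"])
        if peer:
            entry["ips"].add(peer["ip"])
    return dict(stats)

def busiest(log_text):
    """Logins ordered by number of authenticated arrivals, highest first."""
    stats = summarize_auth_senders(log_text)
    return sorted(stats, key=lambda login: stats[login]["messages"], reverse=True)

if __name__ == "__main__":
    report = summarize_auth_senders(SAMPLE_LOG)
    for login in busiest(SAMPLE_LOG):
        s = report[login]
        print(login, s["messages"], s["mismatched"], sorted(s["ips"]))
```

A login that accounts for most of the volume while every message carries a different envelope sender is the pattern the log excerpt above shows.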
 

mrprez

Sounds typical. Spammers aren't interested in the webspace, all they are interested in is access to sendmail or SMTP. They have the mail program running on their computer.

Looks like you got him.

I hope you have a spam clause in your AUP so you can charge his butt $500 for each incident.

John
 

web12

Unfortunately, it wasn't my client, it was a reseller's.

But still glad that headache is over
 

netarus

Speaking of this topic, anyone recommend a good checklist of logs to check out occasionally? We basically monitor the core stuff within cPanel, however, what else is there to view and skim for?

(i.e. DOS Attacks, etc.)