Spamming: you may or may not have experienced it. Spam is an unsolicited message sent through a messaging system, often in an attempt to steal our information, and it affects social media too. Spamming activity can be found in social media, internet forums, Wikipedia, search engines, and messages. Spam types vary with the underlying technology, for example foreign bank spam, phishing, trackback spam, comment spam and email spam.
The server uses an MTA (mail transfer agent) to manage email delivery. Exim is the key service for email activity because it manages the delivery of every email, including mail sent by script-based programs. Sooner or later you may need to cross-check the email logs, and Exim is the main interface that records all email logs from start to finish.
How to find the IP address of spammers?
Run the command below to find the IP addresses of the spammers:
Code:
# grep "massmailer.php" /home/<username>/access-logs/<domainname> | awk '{print $1}' | sort -n | uniq -c | sort -n
How to make a list of email senders?
To make a list of email senders, go to the Exim mail queue, which stores the queued emails. Run the command below to get the sender list:
Code:
# exim -bpr | grep "<" | awk '{print $4}' | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n
The output will be displayed as:
Code:
2 game@domain.com
8 series@testdomain.in
200 marklow@domain123test.com
The number on the left is the count of emails sent by each sender. For example, marklow@domain123test.com has sent 200 emails.
How the spam gets originated?
Usually a script is what generates the spam mails, so you need to find out which script is actually sending them.
Code:
# grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n
# awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
# grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg
Compare the results of the first, second and third commands. You will find the similarities of the first and second in the third.
The result of the first and second commands looks like this:
Code:
9 cwd=/home/domain1/public_html
10 cwd=/home/domain2/public_html/a1/www
12 cwd=/home/domain3/public_html
71 cwd=/home/domain4/public_html
190 cwd=/home/domain5/public_html/web
How to find the actual script for spamming from the mail server?
The second part showed how to spot a spamming script. Finding the script that is spamming right now may seem difficult, but it is easy with the commands below:
Code:
# ps auxwwwe | grep <user> | grep --color=always "<location of script>" | head
Code:
# grep "<script_name>" /home/user/access-logs/<domainname> | awk '{print $1}' | sort -n | uniq -c | sort -n
Put the location of the script in place of <location of script>. The output shows the script that is actually sending the spam, along with the IP address of the sender. Now you can block the spammer's IP address: sort out which IP address has the most accesses and block it immediately using the APF or CSF firewall.
Which PHP script sends the email?
Every PHP developer knows which script sends the emails, but their help is not available at all times, so we need to be able to identify the script ourselves to fix the problem immediately:
Code:
# egrep -R "X-PHP-Script" /var/spool/exim/input/*
To get the domain list with the top 50 entries, execute the command below:
Code:
# eximstats -ne -nr /var/log/exim_mainlog
Check which home-directory users are sending email by running the command below:
Code:
# ps -C exim -fH ewww | grep home
Port 25: you must know how many IP addresses are connected to port 25 on the server.
If any IP address has more than 10 connections, don't hesitate to block it; it is sending spam:
Code:
# netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
Have you heard about the spamming issue called nobody?
To find the spamming script that is currently running, and to freeze the nobody spam sender, execute the command:
Code:
# ps -C exim -fH ewww | awk '{for(i=1;i<40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n
The output will be:
Code:
9 PWD=/
238 PWD=/home/sample/public_html/abc
Check which PWD value has the highest count, then open that location to check what is inside. Values such as "/var/spool/mail/var/spool/exim" or / are very common, so you don't need to worry about them in the output.
If you find any spamming activity, don't lose a second; run the command:
Code:
# grep "cwd=" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n
How to get the summary of spam mails?
Code:
# exim -bpr | exiqsumm -c | head
The above command shows the summary of spam mails.
Code:
Count  Volume  Oldest  Newest  Domain
   23   211KB     48h     56m  dcaki.com
    7    24KB     30h      9m  gmail.com
We hope the information given above is useful to you! Tracking down spammers is challenging work. Spammers will overrun your server if you let them in, even unknowingly. Situations may vary, but precaution is up to us!
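For the "How the spam gets originated?" step, the three cwd= one-liners can be folded into two reusable functions, shown here as an added example that is not part of the original article. The function names and the sample log lines are constructed for illustration, and the script assumes, as the article's `awk '{print $3}'` does, that cwd= is the third field of each exim_mainlog line.

```shell
#!/bin/sh
# Added example: rank the directories and accounts that hand mail to Exim.

# Constructed sample of exim_mainlog lines (not real log data).
sample_log() {
  emit_cwd() {  # emit_cwd COUNT DIR : print COUNT "cwd=" log lines for DIR
    n=$1
    while [ "$n" -gt 0 ]; do
      echo "2024-05-01 10:00:00 cwd=$2 3 args: /usr/sbin/sendmail -t -i"
      n=$((n - 1))
    done
  }
  emit_cwd 12 /home/domain5/public_html/web
  emit_cwd 3 /home/domain1/public_html
  emit_cwd 2 /home/domain5/public_html
  emit_cwd 4 /var/spool/exim
  # A normal delivery line: its third field is a message id, not cwd=.
  echo "2024-05-01 10:00:00 1abcDE-000123-XY <= user@example.com H=localhost"
}

# cwd_counts [MIN]: read a log on stdin and print "count directory" for every
# cwd=/home/... directory seen at least MIN times, busiest first.
cwd_counts() {
  awk -v min="${1:-1}" '
    $3 ~ /^cwd=\/home\// { n[substr($3, 5)]++ }   # strip the "cwd=" prefix
    END { for (d in n) if (n[d] >= min) print n[d], d }
  ' | sort -k1,1nr -k2
}

# account_counts: roll the same lines up per account, i.e. the third path
# component, which is what `cut -d / -f 3` selects in the article.
account_counts() {
  awk '
    $3 ~ /^cwd=\/home\// { split($3, p, "/"); n[p[3]]++ }
    END { for (a in n) print n[a], a }
  ' | sort -k1,1nr -k2
}

# On a real server: cwd_counts 50 < /var/log/exim_mainlog
sample_log | cwd_counts 3
sample_log | account_counts
```

System directories such as /var/spool/exim are filtered out because only cwd=/home paths are counted, which keeps the report focused on customer scripts.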
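For the port 25 check, the following added example (not from the original article) applies the "more than 10 connections" rule directly. It goes slightly beyond the article's one-liner: it counts only connections to the local port 25 and keeps IPv6 and IPv4-mapped addresses intact, which `grep :25 | cut -d: -f 1` does not. The function names and the netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list remote IPs holding too many connections to local port 25.

# Constructed sample of `netstat -plan` output (not real connection data).
sample_netstat() {
  conn() {  # conn COUNT PROTO LOCAL REMOTE_IP STATE
    i=0
    while [ "$i" -lt "$1" ]; do
      echo "$2 0 0 $3 $4:$((40000 + i)) $5 1234/exim"
      i=$((i + 1))
    done
  }
  echo "tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1234/exim"
  conn 12 tcp  192.0.2.10:25 203.0.113.7 ESTABLISHED
  conn 11 tcp6 ::ffff:192.0.2.10:25 ::ffff:198.51.100.9 ESTABLISHED
  conn 3  tcp  192.0.2.10:25 192.0.2.44 TIME_WAIT
  # Local port 2525 is not port 25 and must not be counted.
  conn 20 tcp  192.0.2.10:2525 203.0.113.99 ESTABLISHED
  # Outbound delivery: the remote port is 25, the local one is not.
  echo "tcp 0 0 192.0.2.10:40000 198.51.100.20:25 ESTABLISHED 1234/exim"
}

# smtp_offenders [LIMIT]: read netstat output on stdin and print "count ip"
# for every remote IP with more than LIMIT connections (default 10, the
# article's limit) to local port 25, busiest first.
smtp_offenders() {
  awk -v limit="${1:-10}" '
    $1 ~ /^tcp/ && $4 ~ /:25$/ && $6 != "LISTEN" {
      ip = $5
      sub(/:[0-9]+$/, "", ip)   # drop only the remote port
      sub(/^::ffff:/, "", ip)   # IPv4-mapped IPv6 -> plain IPv4
      n[ip]++
    }
    END { for (ip in n) if (n[ip] > limit) print n[ip], ip }
  ' | sort -k1,1nr -k2
}

# On a real server: netstat -plan | smtp_offenders 10
sample_netstat | smtp_offenders 10
```

The addresses printed are the candidates to block with APF or CSF, as the article suggests.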