
tracking down bots

Posted: Thu Sep 06, 2007 12:55 am
by KKJensen
Hi there,

I think I've got a machine "somewhere" with a bot on it, since I keep getting stuff accumulating in the /var/spool/mqueue directory that is getting refused and, judging by the addresses, looks to be spam. Our IP has been blacklisted because of this outgoing email, and I'm curious if anyone could help.

Is there some way, in the message logs etc., to find what local IP address these emails are originating from? Most machines on our network are new, are running antivirus software and should be fine. Others, particularly those owned and administered by some of the management, are not being taken care of by myself and I cannot vouch for them. I've got to figure out who the offender is before I can un-blacklist our IP.

Is there not some way of configuring Scalix to scan OUTGOING email for spam?

A million thanks in advance.

Posted: Thu Sep 06, 2007 7:27 am
by adhodgson
Hi,

Look in the mqueue directory and see if you can read the files containing the messages. These will include the headers, and should have the IP address of the client causing the problem. We use SpamTitan, which acts as a smart host for Scalix. You can download the ISO and build yourself a spam box appliance for a fraction of the cost of a Barracuda firewall or the like, or follow the howtos on this forum for integrating SpamAssassin into Scalix, but as we have over 200 users on the server I wanted to put less of a load on the Scalix box.

Andrew.

Posted: Thu Sep 06, 2007 8:45 pm
by KKJensen
Thanks for the pointers. I'm going to look into making a dedicated spam box as a gateway so the Scalix machine isn't doing so much. We only have about 50 email accounts, and only a few of those are heavily used, so things aren't that bad.

I found out by looking at the queue files that they were out-of-office replies to spoofed addresses, so there was nowhere for them to go. Nice to hear that my trojan/spambot worries were unfounded.
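
One way to do what Andrew suggests (read the queued messages' headers to find the originating client) and to confirm what KKJensen found (that the stuck messages are auto-replies rather than bot traffic), as an added example that is not part of the original thread and is not Scalix's or SpamTitan's own code. It assumes a sendmail-style mqueue, where each queued message has a qf* control file containing one record per line: "H" lines carry headers (optionally prefixed with ?flags?), folded continuation lines start with whitespace, and the "M" line carries the deferral reason. The sample queue files, host names and addresses below are constructed for illustration; the auto-reply markers checked (Auto-Submitted, X-Autoreply, X-Autorespond, out-of-office subjects) are assumptions about how vacation mail is labelled.

```python
"""Tally a sendmail-style mqueue by originating client IP and flag auto-replies.

Usage on a real spool (added example, assumes sendmail qf* control-file format):
    sudo python3 mqueue_origins.py /var/spool/mqueue
With no argument it runs against the constructed SAMPLE_QUEUE below.
"""
import os
import re
import sys
from collections import Counter

# Bracketed client address sendmail writes into a "Received: from" header.
RECEIVED_IP_RE = re.compile(r"from\s+\S+.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
# Subjects that vacation / out-of-office responders typically generate (assumption).
SUBJECT_AUTOREPLY_RE = re.compile(r"^\s*(auto.?reply|out of (the )?office)", re.I)

# Constructed sample queue: two messages handed in by one LAN client, plus one
# out-of-office reply generated on the server itself to a spoofed address.
SAMPLE_QUEUE = {
    "qfl8600123": "V8\nT1189058000\nMDeferred: Connection refused by mx.example.net.\n"
        "S<bogus@example.net>\nRPFD:<victim@example.net>\nH?P?Return-Path: <g>\n"
        "H??Received: from pc-sales3 (pc-sales3.corp.example.com [192.168.1.57])\n"
        "\tby mail.corp.example.com (8.13.8/8.13.8) with SMTP id l8600123\n"
        "\tfor <victim@example.net>; Thu, 6 Sep 2007 00:31:02 -0600\n"
        "H??From: \"Cheap Pills\" <bogus@example.net>\nH??Subject: buy now\n",
    "qfl8600124": "V8\nT1189058010\nMDeferred: Connection refused by mx.example.org.\n"
        "S<other@example.org>\nRPFD:<someone@example.org>\nH?P?Return-Path: <g>\n"
        "H??Received: from pc-sales3 (pc-sales3.corp.example.com [192.168.1.57])\n"
        "\tby mail.corp.example.com (8.13.8/8.13.8) with SMTP id l8600124\n"
        "H??From: other@example.org\nH??Subject: your account\n",
    "qfl8600125": "V8\nT1189058100\nMDeferred: Name server: spoofed.example.invalid: host not found\n"
        "S<jdoe@corp.example.com>\nRPFD:<a.b@spoofed.example.invalid>\nH?P?Return-Path: <g>\n"
        "H??Received: from mail.corp.example.com (localhost [127.0.0.1])\n"
        "\tby mail.corp.example.com (8.13.8/8.13.8) with ESMTP id l8600125\n"
        "H??From: jdoe@corp.example.com\nH??Subject: Out of Office AutoReply: cheap meds\n"
        "H??Auto-Submitted: auto-replied\n",
}


def parse_qf(text):
    """Return (headers, deferral_reason) for the text of one qf control file.

    headers is a list of (lower-cased name, value) in file order, with folded
    continuation lines joined; records other than H and M are ignored.
    """
    headers, reason = [], None
    for line in text.splitlines():
        if not line:
            continue
        if line[0] in (" ", "\t") and headers:          # folded header line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif line[0] == "H":
            body = re.sub(r"^H(\?[^?]*\?)?", "", line)   # strip "H" and ?flags?
            if ":" in body:
                name, value = body.split(":", 1)
                headers.append((name.strip().lower(), value.strip()))
        elif line[0] == "M":
            reason = line[1:]
    return headers, reason


def originating_ip(headers):
    """IP in the bottom-most Received header, i.e. the hop written by our own
    MTA when the client handed the message in; None for local submissions."""
    received = [v for n, v in headers if n == "received"]
    if not received:
        return None
    m = RECEIVED_IP_RE.search(received[-1])
    return m.group(1) if m else None


def is_autoreply(headers):
    """True if the message carries a vacation / out-of-office marker."""
    for name, value in headers:
        if name == "auto-submitted" and not value.lower().startswith("no"):
            return True
        if name in ("x-autoreply", "x-autorespond"):
            return True
        if name == "subject" and SUBJECT_AUTOREPLY_RE.search(value):
            return True
    return False


def summarize(entries):
    """entries: iterable of (filename, qf_text). Returns Counters keyed by
    originating IP (by_ip, autoreplies) and by deferral status (reasons)."""
    by_ip, autoreplies, reasons = Counter(), Counter(), Counter()
    for _name, text in entries:
        headers, reason = parse_qf(text)
        ip = originating_ip(headers) or "local-submission"
        by_ip[ip] += 1
        if is_autoreply(headers):
            autoreplies[ip] += 1
        if reason:
            reasons[reason.split(":")[0]] += 1          # e.g. "Deferred"
    return {"by_ip": by_ip, "autoreplies": autoreplies, "reasons": reasons}


def load_queue(queue_dir):
    """Yield (filename, text) for every qf* control file in queue_dir."""
    for name in sorted(os.listdir(queue_dir)):
        if name.startswith("qf"):
            with open(os.path.join(queue_dir, name), errors="replace") as fh:
                yield name, fh.read()


if __name__ == "__main__":
    entries = load_queue(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_QUEUE.items()
    result = summarize(entries)
    print("queued messages by originating client:")
    for ip, n in result["by_ip"].most_common():
        print(f"  {ip:18} {n:4}  auto-replies: {result['autoreplies'][ip]}")
```

A client IP with a high count and no auto-reply markers is the machine to pull off the network; a pile of messages from 127.0.0.1 or local submission that are all auto-replies is the out-of-office situation from this thread, which a gateway with recipient verification avoids by never accepting the spoofed inbound mail in the first place.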

Posted: Fri Sep 07, 2007 5:14 am
by adhodgson
Hi,

That figures. We used to get blacklisted because of this sometimes, as well as having NDR messages going out all over the place. If you are like me and have enough Linux boxes to maintain already without having another one to play with :), I would give SpamTitan a look, as it is quite cheap and will really make a difference to messages coming in and out of the server. We use recipient verification, so that invalid recipients are blocked at the gateway level, meaning we never generate NDRs. It has a very good spam detection rate, gives users nightly reports from which messages are easy to release if they need to, and of course that means the out-of-office replies don't end up going to spambot honeypot addresses.

Andrew.