Webhost’s Dairy : My X-mas wasn’t all just fun (part I/II)
It was a great week of celebration and joy for me. All was good, with relatively lower volumes of ticket, and better than average sales. Yet again somehow bad things just don’t wait for season changes.
Well, I take it for granted that one should learn from mistakes. But then you need not wait untill you end up with a mistake; You could very well learn from mine 🙂
Last week I had almost got my server un-plugged by my NOC for abuse. Well, I am glad that it really did not happen, just because I took the pain to reply promptly to the abuse ticket in my NOC’s help-desk. I must admit that the abuse desk guys could really get you crazy. That said, I do reckon its need, and do have the big picture that the abuse guys are helping customers in the whole network. I myself have complained of my IP block featuring in blacklists, when none of my servers were involved in any spamming, but this time it was me.
One of my shared servers was reported to be sending unsolicited bulk mails(yeah the same thing – s p a m), and I was given 12 hours to resolve this issue or else my server was to be un-plugged for non compliance with the DC’s aup.
The very first thing I checked was if there was any active spamming in the server. Well, if that was the case, I’ve heard that it is easy to find out how the spamming is actually taking place. Well, that was something I had read in a forum, but trust me, I had no clue as to how that would help me, given my situation.
So, I just tried a netstat and figured out that there wasn’t high number of connections to the mail-server. Well, I had Qmail running in the server, and to be honest I find it hard to analyze Qmail logs. Exim logs looked far more simple, and did make sense to me.
So now I knew that I wouldn’t get far with my limited knowledge, and all the while I knew that my server was indeed featuring in some spamming activity. Much from the edited and truncated mail header given to me by the DC guys. Again, I don’t blame them for the editing/pruning, as it should have been pruned by the person/agency who reported the spamming.
The good news(at least for me) is that I did find out the spammer in under an hour, and I’ll narrate what I did, in my next write-up. Do have a great year ahead 🙂
About the Author :
Sankar works as a Senior Software Engineer in Bobcares. He joined Bobcares back in April 2006. He loves grooming/mentoring people. During his free time, he listens to music, and enjoys singing..