Outgoing spam comes from the server, and not through spam scripts (which could be detected through the X-php-script patch), but presumably through outgoing connections to open relays. How can this be detected?

There is an idea to redirect all outgoing (OUTPUT) port 25 connections to a second server and do the logging there. What is the most correct way to carry out such an operation?


    And why don't you want to use logging on the same server, -j LOG or -j ULOG? If you want more intelligent methods, use Snort for detection.

    Much depends on how many resources you are willing to devote, the frequency and severity of this spam, etc.

      presumably through outgoing connections to open relays

      How so? You can spam via phpmail or sendmail, postfix, telnet, etc.

      What is the most correct way to carry out such an operation?

      • filter by the number of connections
      • sniff with tcpdump, for example

        well, or if some service is running and spamming, watch it:

        sockstat | grep ": 25"
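The first answer suggests logging outbound port 25 on the same box with -j LOG, and the last one suggests filtering by the number of connections. The script below ties those two together: it parses kernel log lines of the kind an `iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW -j LOG --log-uid` rule produces, then counts new SMTP connections and distinct destinations per local UID, flagging the UIDs that exceed a threshold. This is an added example, not code from the thread; the log lines, addresses, UIDs and thresholds are constructed for the demonstration, and the field layout follows the iptables LOG target (the `UID=` field only appears when the rule is given `--log-uid`).

```python
import re
from collections import defaultdict

# Constructed sample of kernel log lines, as written by a rule such as
#   iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW \
#            -j LOG --log-prefix "SMTP-OUT: " --log-uid
# Addresses, UIDs and timestamps are made up. UID 33 stands for the web server
# user, UID 89 for the local MTA talking to one smarthost. One line has no UID
# (logged without --log-uid) and one is a port 443 connection that must be ignored.
SAMPLE_LOG = """\
Mar  3 10:00:01 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=25 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:01 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.6 PROTO=TCP SPT=40002 DPT=25 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:02 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 PROTO=TCP SPT=40003 DPT=25 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:02 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.8 PROTO=TCP SPT=40004 DPT=25 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:03 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=TCP SPT=40005 DPT=25 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:03 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.10 PROTO=TCP SPT=40006 DPT=25 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:04 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.99 PROTO=TCP SPT=40007 DPT=443 SYN URGP=0 UID=33 GID=33
Mar  3 10:00:05 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.25 PROTO=TCP SPT=40008 DPT=25 SYN URGP=0 UID=89 GID=89
Mar  3 10:00:06 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.25 PROTO=TCP SPT=40009 DPT=25 SYN URGP=0 UID=89 GID=89
Mar  3 10:00:07 web kernel: SMTP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.25 PROTO=TCP SPT=40010 DPT=25 SYN URGP=0
"""

# SRC/DST come first in the LOG line, DPT later; the UID field is optional.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?DPT=(?P<dpt>\d+)(?:.*?UID=(?P<uid>\d+))?"
)


def parse_smtp_out(text):
    """Yield (uid, dst) for every logged new outbound connection to port 25.

    uid is None when the rule was not given --log-uid, so the line carries no UID.
    """
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("dpt") == "25":
            uid = int(m.group("uid")) if m.group("uid") is not None else None
            yield uid, m.group("dst")


def summarize(text):
    """Return {uid: (connection_count, distinct_destination_count)}."""
    per_uid = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for uid, dst in parse_smtp_out(text):
        per_uid[uid]["connections"] += 1
        per_uid[uid]["destinations"].add(dst)
    return {uid: (v["connections"], len(v["destinations"])) for uid, v in per_uid.items()}


def suspicious_uids(text, max_connections=5, max_destinations=3):
    """UIDs whose outbound SMTP exceeds either threshold.

    A legitimate MTA normally talks to one or a few smarthosts, so a local user
    opening many connections to many distinct remote hosts is worth a look.
    The thresholds are constructed for the sample and should be tuned per server.
    """
    return sorted(
        (uid for uid, (conns, dsts) in summarize(text).items()
         if conns > max_connections or dsts > max_destinations),
        key=str,
    )


if __name__ == "__main__":
    for uid, (conns, dsts) in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: str(kv[0])):
        print(f"uid={uid}: {conns} connections to {dsts} distinct hosts")
    print("suspicious:", suspicious_uids(SAMPLE_LOG))
```

Feed it the real syslog/journal output of such a rule (for example `journalctl -k | python3 smtp_out_report.py` after reading stdin instead of SAMPLE_LOG) and the UID column tells you directly which local account is opening the connections, which answers the "is it the web server or the MTA" question without redirecting traffic to a second machine.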