Symptoms
System notifications reporting "The system has detected an unusually large amount of outbound email."
Description
A system email is received reporting that a large number of outbound emails from a user on the server have been detected. The email will resemble:
The system has detected an unusually large amount of outbound email.
It is possible that the following email address has been sending spam from your server:
* $(user)
The system detected that this email account sent messages to a large number of distinct recipients in an hour.
The system holds outbound emails from this email account because you configured the system to automatically hold email from accounts that it detects as potential spammers.
Workaround
You may use the following command to confirm mail is originating from the referenced user:
# grep '<= $(user)' /var/log/exim_mainlog | grep $(date) | wc -l
*Please replace the placeholders $(user) and $(date) with the relevant user and date.
Often these emails are generated by a user script, which may be found with the following command:
# grep -o 'cwd=/home/$(user)[^ ]*' /var/log/exim_mainlog | sort | uniq -c | sort -n
*Please replace the $(user) placeholder with the actual user.
The results of this will need to be evaluated by a systems administrator in order to ascertain if the mailings are legitimate.
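To help with that evaluation, the following added example (not part of the original article) gives the message count for a sender on one day, the distinct recipients per hour that the notification refers to, and the submissions per working directory. The function names, the sender info@example.com, the account exampleuser and the log lines are constructed; it assumes Exim's default log field layout and that recipients are logged (the received_recipients log selector).

```shell
#!/bin/sh
# Added example (not from the original article). Assumes Exim's default
# mainlog field layout; all addresses, names and log lines are constructed.
sample_log() {  # constructed sample data
    cat <<'EOF'
2024-05-01 10:01:02 cwd=/home/exampleuser/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:01:02 1aaaaa-000001-AA <= info@example.com U=exampleuser P=local S=812 T="Hello" for a@example.net b@example.net
2024-05-01 10:20:40 cwd=/home/exampleuser/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:20:40 1aaaaa-000002-AA <= info@example.com U=exampleuser P=local S=790 T="Offer for you" for b@example.net c@example.net
2024-05-01 11:05:00 cwd=/home/exampleuser/tmp 3 args: /usr/sbin/sendmail -t -i
2024-05-01 11:05:00 1aaaaa-000003-AA <= info@example.com U=exampleuser P=local S=650 T="Hi" for d@example.net
2024-05-01 11:06:00 1aaaaa-000004-AA <= other@example.org H=mail.example.org [192.0.2.10] P=esmtps S=2048 for info@example.com
2024-05-02 09:00:00 1aaaaa-000005-AA <= info@example.com U=exampleuser P=local S=700 for e@example.net
EOF
}

# Messages accepted from SENDER on DAY (YYYY-MM-DD, as written in the log).
count_from() {  # usage: count_from LOG SENDER DAY
    awk -v s="$2" -v d="$3" \
        '$1 == d && $4 == "<=" && $5 == s { n++ } END { print n + 0 }' "$1"
}

# Distinct recipients per hour, from the trailing "for ..." list
# (logged only with the received_recipients log selector; assumed enabled).
rcpts_per_hour() {  # usage: rcpts_per_hour LOG SENDER DAY
    awk -v s="$2" -v d="$3" '
        $1 == d && $4 == "<=" && $5 == s {
            h = substr($2, 1, 2); f = 0
            for (i = NF; i > 5; i--) if ($i == "for") { f = i; break }
            if (f) for (i = f + 1; i <= NF; i++) if (!seen[h, $i]++) n[h]++
        }
        END { for (h in n) print h ":00", n[h] }' "$1" | sort
}

# Submissions per working directory under /home/ACCOUNT on DAY.
cwd_counts() {  # usage: cwd_counts LOG ACCOUNT DAY
    awk -v p="cwd=/home/$2" -v d="$3" '
        $1 == d && ($3 == p || index($3, p "/") == 1) { c[substr($3, 5)]++ }
        END { for (k in c) print c[k], k }' "$1" | sort -n
}

log=$(mktemp)
sample_log > "$log"
echo "messages:   $(count_from "$log" info@example.com 2024-05-01)"
echo "recipients: $(rcpts_per_hour "$log" info@example.com 2024-05-01 | tr '\n' ' ')"
cwd_counts "$log" exampleuser 2024-05-01
rm -f "$log"
```

On a live server, pass /var/log/exim_mainlog as the LOG argument instead of the temporary sample file.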