On my postfix box what is the easiest way to add up what IP is sending all
of the viruses to my mailserver?
I am not sure if below text is just the log created for 1 email or more
than 1 email.
What I see in my logs:
Jun 15 14:23:31 mail postfix/cleanup[30419]: 1: message-id=<x5904.
74764043277@....>
Jun 15 14:23:31 mail postfix/qmgr[3515]: CAF1A6F6E1:
from=<
someone@microsoft.com>,
size=18648, nrcpt=1 (queue active)
Jun 15 14:23:31 mail postfix/smtpd[30015]: disconnect from unknown[ip address
]
Jun 15 14:23:31 mail amavis[30512]: (30512-02) INFECTED (Worm.Zafi.B),
<someone@mic
rosoft.com> -> <
someone@mydomain.org>, quarantine virus-015-142331-3
0512-02, Message-ID: <x548811904.74294043277@wn>, Hits: -
Jun 15 14:23:31 mail postfix/smtp[30341]: CAF6E1:
to=<
someone@mydomain.org>, relay=127.0.0.1[127.0.0.1], delay=1,
status=sent (250 2.7.1 Ok, discarde
d, id=30512-02 - VIRUS: Worm.Zafi.B)
Jun 15 14:23:34 mail postfix/smtpd[30015]: warning: their.ip: hostname
someone.likes.sendvirus.domain verification failed: Host not found
Jun 15 14:23:34 mail postfix/smtpd[30015]: connect from
unknown[some.ip.of.virus.sender]
Jun 15 14:23:34 mail postfix/smtpd[30015]: E44C96F6E1: client=unknown[]
Jun 15 14:23:35 mail postfix/cleanup[30362]: E44C96F6E1:
message-id=<x548811904.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)