I would like to know how to identify the script a spammer is using to send out SMTP HELO requests as keqakku.com via Port 25.
I have already used several scanners like chkrootkit & rkhunter with no success. Inspecting the sys.log and ufw.log files wasn't successful, as they don't log my own SMTP HELO requests either, just mail delivery.
By the way, my own valid SMTP HELO requests as my actual domain don't get my IP blacklisted.