From: alexus
To: freebsd-questions@freebsd.org
Date: Mon, 15 Aug 2011 13:05:15 -0400
Subject: looking for a spammer/virii/malware .... on my system
List-Id: User questions

I received a SPAM complaint from my ISP and we're trying to figure out what/where the problem is...
from headers:

    Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011 18:43:41 -0400

64.237.55.83 is an IP that resides on my box. Obviously I'm not sending out any spam intentionally, so maybe some of my users do, and not necessarily intentionally either; it could be a virus or malware or whatever, doesn't really matter, I just want to stop it.

so just for now I did this

    su-3.2# ipfw add 666 deny ip from any to webmail.west.cox.net via any
    00666 deny ip from any to 68.6.19.1
    su-3.2#

what else can I do to find it on my system, who's trying to connect to remote webmail.west.cox.net?

-- 
http://alexus.org/
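The question at the end of the mail is how to find which local process is opening the connections that the ipfw rule now blocks. The following shell script is an added example, not code from the original mail or from FreeBSD: it parses sockstat(1)-style output (on a live box you would pipe in `sockstat -4c`; here a constructed sample with the mail's own addresses is embedded so it runs offline) and reports each user/command/PID holding connections to the blocked host, plus the variant of the ipfw rule that logs each attempt instead of dropping it silently. The column layout of the sample, the rule number 665 and the log location are assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail): identify which local user and
# process hold connections to a given remote host, from sockstat(1)-style output.

TARGET_IP="68.6.19.1"   # webmail.west.cox.net as resolved in the mail's ipfw output

# Constructed sample of `sockstat -4c` output (assumption: FreeBSD column layout
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS). Addresses other than
# the mail's own are documentation ranges.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   64.237.55.83:22       203.0.113.9:50122
www      httpd      1023  3  tcp4   64.237.55.83:80       198.51.100.7:41001
bob      perl       4471  5  tcp4   64.237.55.83:52710    68.6.19.1:80
bob      perl       4471  6  tcp4   64.237.55.83:52711    68.6.19.1:80
alice    mutt       5120  3  tcp4   64.237.55.83:52900    192.0.2.25:993'

# find_talkers TARGET_IP < sockstat-output
# Prints "user command pid count" for every local process that has at least
# one socket whose foreign address is TARGET_IP, busiest process first.
find_talkers() {
    target="$1"
    awk -v t="$target" 'NR > 1 {
        split($7, fa, ":")                 # foreign address is "ip:port"
        if (fa[1] == t) count[$1 " " $2 " " $3]++
    }
    END { for (k in count) print k, count[k] }' | sort -k4,4nr
}

# The mail's rule 666 drops the traffic silently. A "deny log" rule placed just
# before it makes ipfw syslog each blocked packet (requires
# net.inet.ip.fw.verbose=1; entries land in /var/log/security by default), so
# the logged source port can be matched against the sockstat listing above.
# The rule is only printed here, not executed.
suggest_log_rule() {
    echo "ipfw add 665 deny log ip from any to $1 via any"
}

printf '%s\n' "$SAMPLE_SOCKSTAT" | find_talkers "$TARGET_IP"
suggest_log_rule "$TARGET_IP"
```

On the sample data the script names one process (a perl interpreter run by user bob, PID 4471) holding two connections to 68.6.19.1; on a real system that is the PID to inspect with `procstat -f` or `ps -o user,pid,command` before deciding whether it is a compromised web script or a legitimate mail client. Because short-lived connections may not be open at the moment sockstat runs, the logging rule is what catches intermittent senders.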