Welcome to WebmasterWorld Guest from 188.8.131.52
how can i tell if we have been attacked? where can i learn to analyze the maillog file to see if our domain is being used to spam people? here is an example of a line in our maillog file:
Dec 28 21:26:43 servername postfix/qmgr: 212DFC4323: to=<email@example.com>, relay=none, delay=3969, delays=3939/30/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mydomain.com[ipaddress]: Connection timed out)
thanks in advance!
Check your FormMail (or similar script) to be sure that it is up-to-date and secure. Make sure that it does not accept newlines or any special characters in any of the 'address' headers such as 'To', 'From', 'CC', 'BCC', 'Reply-to' or 'Subject'. If it does, then it will be quite easy to send spam from your server using simple injection tricks.
If your server is commercially-hosted, ask your host for help. If they can't help, then you need a new host.