Do you have PHP scripts on your server that make use of email? Make damn sure that those don't allow visitors to specify the address that mail is sent to. That means not having To fields in forms that create email.
That alone is not enough, as spammers can inject mail headers into poorly written mailer scripts. Check out http://www.alt-php-faq.org/local/115/ for a discussion on this.
You may not have control of all the scripts on your server, so you may want to read http://ilia.ws/archives/149-mail-logging-for-PHP.html which gives details of a PHP extension which logs all use of the mail function. That will give you a specific place to look for PHP-related mail activity, which may be useful if you also send mail legitimately from this server.
The best way is to monitor the traffic generated by the machine. This may show if something suspicious is happening no matter what the source of the spam is (whether that is a badly configured mail server, a badly configured proxy or some malicious software). Especially take a look at outgoing connections to port 25. If you can see many more such connections than mails the machine is supposed to send, then the machine is probably being abused. On closer inspection you can also find many 'MX' queries (sent to find victims' name servers) or suspicious incoming connections (used to control 'trojan horse' software).
The next step is to find the abused service and fix it.
You need to check your mail logs - and there are many ways to identify if anyone is spamming. If your IP is blacklisted, most likely your server is sending a lot of spam. And if the mail queue is very large, also.
Anyway, here are points to check:
Check your mail queue, especially bounces to nobody and emails from nobody.
Make sure you have installed the "MailHeaders" extension for PHP, that nobody's server mail is being redirected to some existing account, and that you actually check these bounces to identify the source of spam. This PHP extension will add the path to the file which generated that mail.
Make sure you have some limit on how many emails your users are allowed to send per hour.
These are some points which will periodically notify you if some script is sending too many emails.
If you are unsure about all this, then I can look and fix these things.
One of the easiest ways is to check your /var/log/maillog (default location) to see if it's sending out mail that you're not expecting.
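Added example, not part of any reply in this thread: one way to turn the maillog check into a per-hour count of outbound deliveries per sender, so that mail submitted locally by the web server user stands out. It assumes Postfix-style log lines; the function names, the sample log and the limit of 3 per hour are constructed for illustration.

```python
import re
from collections import Counter

# Postfix syslog layout is an assumption; other MTAs (Exim, sendmail) log differently.
LINE = re.compile(r"^(\w{3}\s+\d+\s+\d{2}):\d{2}:\d{2}\s+\S+\s+postfix/(\w+)\[\d+\]:\s+([0-9A-F]+):\s+(.*)$")
FROM = re.compile(r"from=<([^>]*)>")
UID = re.compile(r"uid=(\d+)")

def deliveries_per_sender(log_text):
    """Count outbound SMTP delivery attempts per (hour, envelope sender, local uid)."""
    sender, local_uid, counts = {}, {}, Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        hour, service, qid, rest = m.groups()
        if service == "pickup":            # local submission, e.g. PHP mail() via sendmail
            u = UID.search(rest)
            if u:
                local_uid[qid] = u.group(1)
        elif service == "qmgr":            # envelope sender; "from=<>" is a bounce
            f = FROM.search(rest)
            if f:
                sender[qid] = f.group(1) or "<>"
        elif service == "smtp" and rest.startswith("to=<"):
            counts[(hour, sender.get(qid, "unknown"), local_uid.get(qid, "-"))] += 1
    return counts

def flag_heavy_senders(log_text, max_per_hour):
    """Return sorted (hour, sender, uid, attempts) rows above the hourly limit."""
    return sorted((h, s, u, n) for (h, s, u), n in
                  deliveries_per_sender(log_text).items() if n > max_per_hour)

# Constructed sample log (not real traffic): uid 99 stands in for the web server user.
QA, QB = "3F2A11C0B7", "9C41D2E0A5"
SAMPLE_LOG = "\n".join(
    [f"Mar 10 14:02:10 web1 postfix/pickup[2201]: {QA}: uid=99 from=<nobody>",
     f"Mar 10 14:02:10 web1 postfix/qmgr[1234]: {QA}: from=<nobody@web1.example.com>, size=1823, nrcpt=4 (queue active)"]
    + [f"Mar 10 14:02:1{i} web1 postfix/smtp[1301]: {QA}: to=<r{i}@example.net>, relay=mx.example.net[203.0.113.5]:25, status=sent (250 OK)"
       for i in range(1, 5)]
    + [f"Mar 10 14:02:15 web1 postfix/qmgr[1234]: {QA}: removed",
       f"Mar 10 14:05:40 web1 postfix/qmgr[1234]: {QB}: from=<alice@example.com>, size=900, nrcpt=1 (queue active)",
       f"Mar 10 14:05:41 web1 postfix/smtp[1302]: {QB}: to=<bob@example.org>, relay=mx.example.org[198.51.100.7]:25, status=sent (250 OK)"])

if __name__ == "__main__":
    for row in flag_heavy_senders(SAMPLE_LOG, max_per_hour=3):
        print(row)
```

Deferred deliveries are retried and logged again, so the count is of delivery attempts rather than unique messages.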
I've used abuse.net in the past to check that my server is not an open relay.
Not used it for a while though, but gotta be worth a quick test if you're worried/unsure.
What about this script? This will also find PHP scripts sending spam.
It prints the destination of all email sent from your server: