Got an email from my blacklist-monitoring service with the following content:

 

• Various sorts of open proxies. An open proxy is generally a web server that allows email sending to piggyback on a script that sends email.
• Dedicated Spam BOTs used to send spam.
• Worms/viruses that do their own direct mail transmission.
• Trojan-horse or "stealth" spamware.

 

Did anyone else ever experience this?

Checked the log-files but cant find any unusual activities. Could it be that the spam is sent out "under the radar" not loged in the logfiles?

How can I check if the webserver is an open proxy?

 

Thank you for any advice.

 

mail logs?

That is the problem. No unusual activity. I have logwatch running and the outgoing emails reported are not a lot and all send to the typical receipient.

My question is if there are modifications out there that bypass the standard MTA and use the server to send out spam? If yes, how can they be detected?

try something like this: https://www.rfxn.com/projects/linux-malware-detect/ - found a few things for me when i needed it

Thanks so much for this link. Installed it.