Lpic1challenger
New Member
A server managed by the company received a report.
■Overview
I received the following report from the reporter.
"An SMTP connection was made from our managed IP (IP managed by my company).
After clearing SASL authentication, a phishing email was sent."
Therefore, we would like our company, which has the source IP, to take measures.
■Question
Which log should I look at on our server, which is the source of the connection for sending malicious emails?
We use Postfix on Linux CentOS 7.
I also looked at the following logs, but I couldn't find any logs that led to the connection information to the cracked server.
/var/log/maillog
/var/log/secure
/var/log/messages