On Fri, 04 Apr 2014 12:58:37 +0000 courier-users-requ...@lists.sourceforge.net wrote:
> On 4/4/2014 8:28 AM, Lisa Muir wrote: > > > > Guys, > > > > I thought I had this one covered, all SMTP must be authenticated on > > our server. > > > > It is very evident from examining increased server load that we are > > being used as a SPAM relay and have not yet hit a blacklist. > > > > Looks like a website got hacked and an email account details must have > > been in there. > > > > For the life of me, when I search mail.log etc I can't find the > > username of the user who authenticated an SMTP session. > > > > I'd like to quickly enable this in my logs so that I can shut down the > > compromised account, if anyone has a quick heads up I'd appreciate it. > > On my server, I see a line like this in the logs: > > courierd: newmsg,id=000000000022805E.533E911D.000019DB, auth=x...@xxx.xxx > > If I enabled a setting to get this, I can't find it now. > > -- > Bowie Hi, I think you find this line: newmsg,id=000000000022805E.533E911D.000019DB, auth=x...@xxx.xxx in the mail queue files - should be in /var/lib/courier/msgq can't verify it right now because the mail queue is empty. BTW, you check your mail queue with the 'mailq' command. Bernd
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
