I am still pouring over logs to check how my server has been spamming.

I am wondering about the possibility of someone using a working login and 
to send spam through my server. So here is my question;

I look at my maillog and see the following spam;

maillog.0:Jan 11 02:14:17 3s1 sm-mta[3540]: l0B7EGO6003540: 
from=<[EMAIL PROTECTED]>, size=478, class=0, nrcpts=1, msgid=<200701110714.l0B7
[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=3s1.com []

[EMAIL PROTECTED] does not exist as a user on my system, but the relay is mine
(3s1.com), and is mine.

How can I find out or log when a user sends mail, what authentication was
used? If they have to login to send through my server, who did they login
as? - how would I find that out?
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to