I am still pouring over logs to check how my server has been spamming. I am wondering about the possibility of someone using a working login and password to send spam through my server. So here is my question;
I look at my maillog and see the following spam; maillog.0:Jan 11 02:14:17 3s1 sm-mta: l0B7EGO6003540: from=<[EMAIL PROTECTED]>, size=478, class=0, nrcpts=1, msgid=<200701110714.l0B7 [EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=3s1.com [126.96.36.199] [EMAIL PROTECTED] does not exist as a user on my system, but the relay is mine (3s1.com), and 188.8.131.52 is mine. How can I find out or log when a user sends mail, what authentication was used? If they have to login to send through my server, who did they login as? - how would I find that out? _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"