> I have not found anything in the logs that indicate the account that > is authenticating to send the spam....
You should see "Authenticated $username, session treated as local." It also is helpful to run a script using a command-line POP3 client (I have used Getmail.exe) against all of your mailboxes to check for ($username == $password) or ($password == "password") or ($password == <other extremely obvious cases>). You can't apply much intelligence, but you can catch obvious vulnerabilities. Be sure to use command-line options to avoid retrieving any actual mail! --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
