>I figured out how they were able to authenticate.
How were they able to authenticate?
>But I still don't know who they are. Somehow they must have picked the
>password for one of the users on the physical host (i.e. our administrators)
Why do you think that?
>This is because the message headers show the physical host name:
>
>Received: from 66.46.145.35 [212.13.72.2] by imail9
> (SMTPD32-7.12) id A712151400C8; Tue, 08 Oct 2002 15:50:42 -0400
>
>If it were a customer the headers would show the customer domain name
>instead of imail9
So you're guessing from this header that a spammer used the password of one
of your administrators? Why not post the log file entries?
Blocking the spammer using rules may be a nice quick fix, but if the
spammer really did break into one of your administrator accounts, shouldn't
you be more concerned about that?
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
