/var/log/maillog. Also examine the headers of the forged mails, and look
for headers like sender / x-sender (in pine / mutt), x-apparently-from etc.
If the forger is logged into your server and is using pine to send the
mails, you'll also see something like
received from: forger@localhost by krec.ernet.in for <[EMAIL PROTECTED]>
etc.
Post headers and the relevant part of the maillog. Also examine your login
records (/var/log/secure) and check who was logged in at that time.
Suresh Ramasubramanian [EMAIL PROTECTED]
Juno.Com Postmaster/Abuse Desk, Hyderabad India
Phone # +(91-40)332-3274 extn 8815
> -----Original Message-----
> From: Pramodh B N [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, April 13, 2000 9:22 AM
> To: [EMAIL PROTECTED]
> Subject: [LIH] SMTP problem
>
> We have a mail server in our network with 3 mail servers vidur, seeta,
> chaitra.
> The problem is someone is using SMTP to create mails and sending mails in
> others' names, so I want to find out who is doing this.
> Is there any method by which I can track the person sending the mails
> using SMTP by invoking telnet on port 25?
>
>
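The correlation described in the reply above (maillog entries against login records), as an added example that is not code from the thread or its participants. The log lines are constructed samples modelled on sendmail and PAM-style syslog output; the formats, the default year and all function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample data (not from the thread), modelled on sendmail and
# PAM-style syslog lines; real formats vary by MTA and distribution.
MAILLOG = """\
Apr 13 09:05:41 vidur sendmail[2210]: JAA02210: from=<boss@example.in>, size=412, nrcpts=1, proto=SMTP, relay=localhost [127.0.0.1]
Apr 13 09:07:02 vidur sendmail[2231]: JAA02231: from=<user1@example.in>, size=900, nrcpts=1, proto=ESMTP, relay=mx.example.net [192.0.2.10]
"""
SECURE = """\
Apr 13 08:50:10 vidur login[2100]: session opened for user ravi by (uid=0)
Apr 13 09:00:03 vidur login[2150]: session opened for user anil by (uid=0)
Apr 13 09:03:30 vidur login[2100]: session closed for user ravi
Apr 13 09:20:00 vidur login[2150]: session closed for user anil
"""

TS = r"(\w{3} +\d+ [\d:]{8}) \S+ "
MAIL_RE = re.compile(TS + r"sendmail\[\d+\]: (\w+): from=<([^>]*)>.*relay=(.*)$")
SESS_RE = re.compile(TS + r"\S+\[(\d+)\]: session (opened|closed) for user (\w+)")

def ts(text, year=2000):
    # syslog timestamps omit the year, so the caller supplies it
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def local_submissions(maillog):
    """(time, queue id, claimed sender) for mail whose relay is the server itself."""
    hits = filter(None, map(MAIL_RE.match, maillog.splitlines()))
    return [(ts(m[1]), m[2], m[3]) for m in hits if re.search(r"localhost|127\.0\.0\.1", m[4])]

def sessions(secure):
    """(user, start, end) intervals; end is None if no close was logged."""
    open_by_pid, done = {}, []
    for m in filter(None, map(SESS_RE.match, secure.splitlines())):
        when, pid, action, user = ts(m[1]), m[2], m[3], m[4]
        if action == "opened":
            open_by_pid[pid] = (user, when)
        elif pid in open_by_pid:
            done.append((*open_by_pid.pop(pid), when))
    return done + [(u, s, None) for u, s in open_by_pid.values()]

def suspects(maillog, secure):
    """For each locally submitted message, the users logged in at that moment."""
    spans = sessions(secure)
    return [(qid, sender, sorted({u for u, s, e in spans if s <= when and (e is None or when <= e)}))
            for when, qid, sender in local_submissions(maillog)]

if __name__ == "__main__":
    print(suspects(MAILLOG, SECURE))
```

A session that overlaps the submission time is a lead to check against the message headers, not proof of who sent the mail.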