Looks like spam is being relayed through my big server. Not sure how they're doing it; I'm using SMTP-AUTH (0.4.2) & it seems to work properly. Any clues would be appreciated & I'm happy to show whatever files people want to see, but for now I'm going on the assumption that someone has gotten a password & is authenticating. So, my question for this list is: is there a way to add an auth header to outgoing messages so I can see which account was used? Or is it logged somewhere by default? My apologies, I'm sure this is documented somewhere, but I'm not sure where & my priority right now is closing this hole.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"...qui desiderat pacem, praeparet bellum" (...if you would have peace, be prepared for war) -Flavius Vegetius Renatus