If remote user is sending using an authenticated SMTP session, you would find his name within chkuser logging.
I setup this server using Shupp toaster. I don't know where chkuser are logging this information. Please, can you point me to the right direction? Anyway I'll go to re-read chkuser docs. I did that when I setup the toaster a few months ago.
Probably, as Ken is saying, are simply some viruses trying to guess recipients on your MX hosted domains.
Probably. But I getting this "attack" form several diferent IP's like: 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 and so many others...
Multilog is rotating 1 Mb logs in a few minutes, but I get them all blocked.
Thanks, -- Walter Souto R. Junior Bayweb Internet Consulting Tel/Fax: +55 (21) 2226-3625 Celular: +55 (21) 9323-7283