At 20.10 13/04/2005, you wrote:
If remote user is sending using an authenticated SMTP session, you would find his name within chkuser logging.
Look at these entries from my smtpd log:
@40000000425d6a992de7abbc.s:@40000000425d6a2c106b451c CHKUSER rejected rcpt: from <::> remote <fusion.fast-servers.net:unknown:188.8.131.52> rcpt <[EMAIL PROTECTED]> : not existing recipient
@40000000425d6a992de7abbc.s:@40000000425d6a250b7faffc CHKUSER rejected rcpt: from <::> remote <mx03.scottish-southern.co.uk:unknown:184.108.40.206> rcpt <[EMAIL PROTECTED]> : not existing recipient
rcpt: from <::> have no user name. Is that the right place for this information.
Right, where you read from <::>, you could read <[EMAIL PROTECTED]:[EMAIL PROTECTED]:relayclientvalue> (see http://www.interazioni.it/opensource/chkuser/documentation/logging_format.html for more info on chkuser logging format).
Also the other indication may be important, as <mx03.scottish-southern.co.uk:unknown:220.127.116.11> means that remote host declares itself as mx03.scottish-southern.co.uk, but its real address 18.104.22.168 has no reverse. Usually I put them in black list when I see a dial-up or ADSL connection. It's up to you to give a value to such informations.
What I'm missing?
All these message are sent with "From: <>", as they could be sent you by mail-daemons sending back e-mails for not existing recipients .
As someone else is writing in other messages, probably someone sent spam messages using as senders fake addresses on your domains. So, if original recipients systems act like normal qmail systems, they accept every message and later send back a reply to all fake senders. So you receive all these messages back from smtp servers.
Thanks, -- Walter.