Date: Sat, 13 Jan 2007 13:08:17 -0500 From: David Banning <david+dated+1169143698.53a39d@skytracker.ca> To: questions@freebsd.org Subject: question on smtp AUTH Message-ID: <20070113180815.GA7980@skytracker.ca>
next in thread | raw e-mail | index | archive | help
I am still pouring over logs to check how my server has been spamming. I am wondering about the possibility of someone using a working login and password to send spam through my server. So here is my question; I look at my maillog and see the following spam; maillog.0:Jan 11 02:14:17 3s1 sm-mta[3540]: l0B7EGO6003540: from=<www@3s1.com>, size=478, class=0, nrcpts=1, msgid=<200701110714.l0B7 EGMu003539@3s1.com>, proto=ESMTP, daemon=MTA, relay=3s1.com [209.161.205.12] www@3s1.com does not exist as a user on my system, but the relay is mine (3s1.com), and 209.161.205.12 is mine. How can I find out or log when a user sends mail, what authentication was used? If they have to login to send through my server, who did they login as? - how would I find that out?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070113180815.GA7980>