question on smtp AUTH
David Banning
david+dated+1169143698.53a39d at skytracker.ca
Sat Jan 13 19:05:06 UTC 2007
I am still pouring over logs to check how my server has been spamming.
I am wondering about the possibility of someone using a working login and password
to send spam through my server. So here is my question;
I look at my maillog and see the following spam;
maillog.0:Jan 11 02:14:17 3s1 sm-mta[3540]: l0B7EGO6003540:
from=<www at 3s1.com>, size=478, class=0, nrcpts=1, msgid=<200701110714.l0B7
EGMu003539 at 3s1.com>, proto=ESMTP, daemon=MTA, relay=3s1.com [209.161.205.12]
www at 3s1.com does not exist as a user on my system, but the relay is mine
(3s1.com), and 209.161.205.12 is mine.
How can I find out or log when a user sends mail, what authentication was
used? If they have to login to send through my server, who did they login
as? - how would I find that out?
More information about the freebsd-questions
mailing list