question on smtp AUTH

[David Banning]

> That would seem to suggest that the spam is being sent using an authorized 
> account, however, is it possible that a host inside your network is 
> sending the spam?

Thanks for that test Paul. I do believe that it could have been a virus
infected windows box. I am not convinced now. I -do- know that I have
had crackers attempting access via SSH and I did not have anything to
stop them from trying every possible configuration. Eventually they
may have gotten a usable login and password. I now have them blocked
after 5 failed attempts but still there could be someone spamming using
the login and password obtained previously. Before getting -everyone-
to change thier password I am wondering if there isn't a way to log
who is sending via what login authentication. I could then just
setup a new password for that user only.