Guys, I thought I had this one covered, all SMTP must be authenticated on our server.
It is very evident from examining increased server load that we are being used as a SPAM relay and have not yet hit a blacklist. Looks like a website got hacked and an email account details must have been in there. For the life of me, when I search mail.log etc I can't find the username of the user who authenticated an SMTP session. I'd like to quickly enable this in my logs so that I can shut down the compromised account, if anyone has a quick heads up I'd appreciate it. Thanks, Lisa.
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users