>Hi all. It looks like one of my users may have created a mail form to send
>out spam. I'm getting a bunch of undeliverable messages back. Here is the
>header from one of the spooled files. Note that it's using DevMailer which
>is the command line mail program that my FormMail.pl uses. It's received
>from hosting1, which is me. How can I figure out who could be sending it?
in the Imail logs, you will see the smtp session that had these RCTP TO:
lines, and then above that, the ip which sent it, maybe even SMTP AUTH of
the sender. then you�ve nailed it down
But if not SMTP AUTH, then you can see why you should force all your IP�s
to SMTP AUTH so every mail relay session is traceable. The "no relay"
(unless SMTP AUTH�d) is really better than "relay for addresses".
If they are sending this without SMTP AUTH, and your access box and Imail
box have synchronized clocks, then you should be to see in the access box
log file who had that DHCP ip at that Imail time.
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
