At 12:51 PM 1/20/2003, you wrote:
> The SMTPD line showing authentication has a different session ID (or PID > not sure what to call it) than the rest of the session, and it was mixed > among other entries, so I missed it. In this one session there were many (I > haven't counted yet) pieces of mail sent out, followed by several more > authenticated sessions with this account - so if I had missed that first > connection, it would have just looked like a ton of unauthenticated > messages getting relayed through. > > Ultimately, the culprit - a forgotten mailbox, that had been set to forward > elsewhere, that had a default password of 'password'In this kind of case, Declude Hijack would play a part in protecting as it would see these messages outgoing from that user and would track them and take action. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Jeff Lesperance Matrix Group International, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
