Hello, This is somewhat off topic but I don't know where else to turn. Plus, I'm hoping someone else on this list has had this issue since it does include use of qmail (sort of).
I see entries in my send log like this: @40000000532c16d72557da44 info msg 48367716: bytes 1064 from <[email protected]> qp 27680 uid 89 @40000000532c16d72597f854 starting delivery 71817: msg 48367716 to remote [email protected] @40000000532c16d725990dac status: local 0/10 remote 1/200 @40000000532c16d8279aa23c delivery 71817: failure: User_and_password_not_set,_continuing_without_authentication./64.12.91.196_does_not_like_recipient./Remote_host_said:_550_5.1.1_<[email protected]>:_Recipient_address_rejected:_aol.com/Giving_up_on_64.12.91.196./ I can see that it comes from one of my web servers ([email protected]) which means it'll be a web form. I see enough of these (and others similarly) that I suspect one of the sites has an "email a friend" type form and it's being abused. I host hundreds of sites. How can I go about locating the offending site? I've tried searching in the log files for the email but it doesn't find any matches. Any ideas on the bread crumbs I need to be looking for? Thanks in advance! Denny
