I am currently trying to clean up a very nasty spam run someone initiated through our SmarterMail server. Much to my dismay, it appears that SmarterMail does not log which user authenticates a SMTP session, only that the session is authenticated to the SMTP log file. How is this possible ???
13:06:53 [200.181.148.244][456908] rsp: 220 mail3.denver.wehostwebsites.com 13:06:53 [200.181.148.244][456908] connected at 1/29/2006 1:06:53 PM 13:06:54 [200.181.148.244][456908] cmd: EHLO 192.168.7.100 13:06:54 [200.181.148.244][456908] rsp: 250-imail3 Hello [200.181.148.244] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK 13:06:54 [200.181.148.244][456908] cmd: AUTH LOGIN 13:06:54 [200.181.148.244][456908] rsp: 334 VXNlcm5hbWU6 13:06:55 [200.181.148.244][456908] rsp: 334 UGFzc3dvcmQ6 13:06:55 [200.181.148.244][456908] rsp: 235 Authentication successful 13:06:55 [200.181.148.244][456908] cmd: MAIL FROM:<[EMAIL PROTECTED]> 13:06:55 [200.181.148.244][456908] rsp: 250 OK <[EMAIL PROTECTED]> Sender ok 13:06:56 [200.181.148.244][456908] cmd: RCPT TO:<[EMAIL PROTECTED]> 13:06:56 [200.181.148.244][456908] rsp: 250 OK <[EMAIL PROTECTED]> Recipient ok 13:06:57 [200.181.148.244][456908] cmd: DATA This is just un-*******-believable ... If anyone has any suggestions on how I can track down the customer abusing my SMTP via SmarterMail logs, please email me directly to [EMAIL PROTECTED], since my main email is currently outbound only. Thanks! ----- Jay Sudowski // Handy Networks LLC Director of Technical Operations Providing Shared, Reseller, Semi Managed and Fully Managed Windows 2003 Hosting Solutions Tel: 877-70 HANDY x882 | Fax: 888-300-2FAX www.handynetworks.com --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.