Additional information: After finding a legitimate e-mail in the queue I found an X-Authenticated-User field in the message header. The spam messages do not have this field in their header records. Any thoughts on how I can track this down? Douglas Ward IT Director NC Methodist Conference ---------- Forwarded message ---------- From: dward@nccumc.org <dward@nccumc.org> Date: Wed, Nov 24, 2010 at 4:54 PM Subject: Compromised mailbox allowing spam relay To: surgemail-list@netwinsite.com Happy Thanksgiving! I have discovered today that one of the accounts on my surgemail server has been compromised. It appears that a spammer has brute forced a password to relay authenticated mail through our mail server. Unfortunately, I cannot find any trace within the surgemail logs which account is compromised. I have checked all of the log files and all I see is the spoofed to/from fields. The account used to authenticate to the surgemail server is nowhere to be found. How can I find this? Once I change this password all is well and I can go back to my vacation. Any help you might offer would be most appreciated. Thank you in advance! Douglas Ward IT Director NC Methodist Conference
Last Message | Next Message