From owner-freebsd-questions@FreeBSD.ORG Tue Apr 14 04:49:47 2015 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1D5BF3FA for ; Tue, 14 Apr 2015 04:49:47 +0000 (UTC) Received: from 3s1.com (3s1.com [209.161.205.12]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "3s1.com", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id D0844EB0 for ; Tue, 14 Apr 2015 04:49:46 +0000 (UTC) Received: from 3s1.com (localhost [127.0.0.1]) by 3s1.com (8.14.4/8.14.4) with ESMTP id t3E4m2ki012278 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 14 Apr 2015 00:48:02 -0400 (EDT) (envelope-from david+dated+1429418881.347c7b@skytracker.ca) Received: (from david@localhost) by 3s1.com (8.14.4/8.14.4/Submit) id t3E4m2WW012277 for questions@freebsd.org; Tue, 14 Apr 2015 00:48:02 -0400 (EDT) (envelope-from david+dated+1429418881.347c7b@skytracker.ca) X-Authentication-Warning: 3s1.com: david set sender to david+dated+1429418881.347c7b@skytracker.ca using -f Received: by 3s1.com (tmda-sendmail, from uid 1000); Tue, 14 Apr 2015 00:48:01 -0400 Date: Tue, 14 Apr 2015 00:48:01 -0400 To: questions@freebsd.org Subject: tracing emails with sendmail Message-ID: <20150414044757.GA10829@skytracker.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Delivery-Agent: TMDA/1.1.12 (Macallan) From: David Banning X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Apr 2015 04:49:47 -0000 All of a sudden I am getting a ton of spam being relayed through sendmail. I have around 40 legitimate users on the system - even though I have increased sendmail's log level to 15 - I cannot see - who is being authorized to relay through my server. It gives the sender name as an eail address, unknown to me. I am guessing that one of my users has had their passowrd stolen. Is there s specific log level that tells which username is being given authorization to relay? Any pointers would be helpful.