From: David Banning
Date: Sat, 13 Jan 2007 18:34:17 -0500
To: Paul Schmehl, questions@freebsd.org
Subject: Re: question on smtp AUTH

> That would seem to suggest that the spam is being sent using an authorized
> account, however, is it possible that a host inside your network is
> sending the spam?

Thanks for that test, Paul. I do believe that it could have been a virus-infected Windows box. I am not convinced now.

I -do- know that I have had crackers attempting access via SSH and I did not have anything to stop them from trying every possible configuration. Eventually they may have gotten a usable login and password. I now have them blocked after 5 failed attempts but still there could be someone spamming using the login and password obtained previously.

Before getting -everyone- to change their password I am wondering if there isn't a way to log who is sending via what login authentication. I could then just set up a new password for that user only.