Date: Sat, 13 Jan 2007 18:34:17 -0500 From: David Banning <david+dated+1169163260.888eb8@skytracker.ca> To: Paul Schmehl <pauls@utdallas.edu>, questions@freebsd.org Subject: Re: question on smtp AUTH Message-ID: <20070113233415.GA20356@skytracker.ca> In-Reply-To: <9F7B3DEC0E5C38DF44E9AE3A@paul-schmehls-powerbook59.local> References: <20070113180815.GA7980@skytracker.ca> <9F7B3DEC0E5C38DF44E9AE3A@paul-schmehls-powerbook59.local>
next in thread | previous in thread | raw e-mail | index | archive | help
> That would seem to suggest that the spam is being sent using an authorized > account, however, is it possible that a host inside your network is > sending the spam? Thanks for that test Paul. I do believe that it could have been a virus infected windows box. I am not convinced now. I -do- know that I have had crackers attempting access via SSH and I did not have anything to stop them from trying every possible configuration. Eventually they may have gotten a usable login and password. I now have them blocked after 5 failed attempts but still there could be someone spamming using the login and password obtained previously. Before getting -everyone- to change thier password I am wondering if there isn't a way to log who is sending via what login authentication. I could then just setup a new password for that user only.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070113233415.GA20356>