Asai wrote:
Indeed it's a postfix logwatch entry. Here's a grep of the IP address
from /var/log/maillog
triata postfix/smtpd[11490]: connect from unknown[218.30.101.41]
Oct 20 23:56:49 triata sqlgrey: grey: from awl match: updating
218.30.101.41(218.30.101.41),
[EMAIL PROTECTED]([EMAIL PROTECTED])
Oct 20 23:56:49 triata postfix/smtpd[11490]: 76BE9FD8041:
client=unknown[218.30.101.41], [EMAIL PROTECTED]
Oct 20 23:56:50 triata postfix/smtpd[11490]: disconnect from
unknown[218.30.101.41]
Oct 20 23:57:00 triata amavis[11434]: (11434-01) Passed CLEAN,
[218.30.101.41] [218.30.101.41] <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>, mail_id: SULYJRvIb9wQ,
Hits: -0.479, size: 25777, queued_as: 3299FFD8047, 9828 ms
Please don't top post.
OK, looks as if the mail was authenticated with
the account user [EMAIL PROTECTED] If the mail wasn't
really sent by that user, maybe you should disable that
account, or at least change the password.
--
Noel Jones
