William Kisman wrote:
What are the possibilities that the spammer could use my mail server to
spam ?
First check if your server is an open relay using this service:
http://www.abuse.net/relay.html
Also if you think that a sasl user/pass has been compromised, change the
password. You can look through the mail log for an instance where a spam
passed through and get the id:
Jan 2 07:05:04 mail1 postfix/smtp[26253]: 0B2DC6A009B: <-- This is the id
Once you get the id, you can grep that specific id to get all of the log
entries related to it at which point you can see where the connection came
from and if it was authenticated:
Jan 2 01:05:03 mail1 postfix/smtpd[25860]: 0B2DC6A009B:
client=mail1.xxx.com[x.x.x.x], sasl_method=LOGIN, sasl_username=johndoe
If the connection was authenticated and you know it should not have been and
the message should have been rejected, then a password has possibly been
compromised.
J.P.
