> Like I said, as soon as I blocked the troublesome IPs the problem went
> away. Thus, it cannot be a local script. Furthermore,
> we are not even running Apache. We are running Tomcat with custom-developed
> Java apps.
>
> I also ran tcpdump on localhost to see if there was traffic being received
> on localhost. Guess what? While the spamming was taking place
> there was no SMTP traffic passing through on localhost port 25.

You should still recheck your mail server configuration; it looks like your server is an open relay?

--
Eero