On 1/22/2016 6:42 PM, Wietse Venema wrote:
> Richard B. Pyne:
>> I am seeing thousands (19000 today) of Illegal address syntax errors in
>> my logs that I suspect are coming from malware attempting to send spam.
>> The IP address shown is from our corporate firewall. The mail server is
>> outside.
>> We require logging in to send mail, but I can't figure out how to track
>> the real sender of the bad email addresses.
>
> You have the SMTP client IP address, which is the most credible
> information that you have at this point. Test the address with one
> of the many websites that will do a "dnsbl check" for you.

All I have is the IP address of the firewall. I'm trying to track it
back to the user behind that firewall. It is our own corporate office
firewall. Our mail server is outside that firewall at a separate location.