Here’s a strange one. In my normal routine of glancing at the maillog file, and subsequently the queue, I noticed several hundred emails queued up, all with some bogus email variation on one of my domains. So for instance:
abj...@mydomain.com lwoei...@mydomain.com And so forth. I traced it back to a particular IP address, and as a temporary stop-gap measure, blocked that IP in the firewall and changed the passwords on the two email addresses that use that domain. The spam stopped. The strange thing is, that as soon as I unblock that one IP, it starts up again. I’m not sure how this one IP is managing to spoof email, and I am not having any issues with any of my other 40 domains. I can very clearly start and stop the abuse by blocking the IP. I’m not sure what I’m looking for, or how to find out how they are dumping this spam on my server, I thought I had it locked down pretty well and I haven’t had any problems for a couple of years until this week. Jeff
