Please check the respective machine for any malware. If the SMTP authentication password is saved, which in most cases it is, then a worm or virus can collect the saved password and send spam using your server as an authorized relay.
That was my assumption when I first saw that you specified IP_address_of_allowed_relay. If the respective address is a private address, then the assumption becomes certainty.

> Sorry to be a pest but,
> the IP address of origin is the correct
> address of an allowed relay.
>
> CHKUSER accepted sender: from <[EMAIL PROTECTED]::> remote <DG93MCB1:unknown:IP_address_of_allowed_relay> rcpt <> : sender accepted
>
> I hate to say it but if the user was stating mail
> from:legit_user but the reported IP is from IP_address_of_allowed_relay
> isn't the email coming from either the allowed relay or someone spoofing
> the allowed relay?
>
> Thanks
> Doug
>
>> [EMAIL PROTECTED] wrote:
>>> I need a little help deciphering what's going on here.
>>>
>>> CHKUSER accepted sender: from <[EMAIL PROTECTED]::> remote <DG93MCB1:unknown:IP_Address_of_allowed_relay> rcpt <> : sender accepted
>>>
>>> I'm getting a ton of these in my log files but the user CHKUSER is
>>> reporting is not sending them. I tried commenting them out of my
>>> tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the
>>> same log.
>>>
>> The reported "from user" (in this case [EMAIL PROTECTED])
>> is simply the one declared at SMTP session with "mail from:".
>>
>> Tonino
>>> Any help would be greatly appreciated.
>>>
>>> Thanks
>>> Doug
>>
>> --
>> ------------------------------------------------------------
>> [EMAIL PROTECTED] Interazioni di Antonio Nati
>> http://www.interazioni.it [EMAIL PROTECTED]
>> ------------------------------------------------------------
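
The check suggested in the reply, run over the log, as an added example that is not part of the thread or of chkuser itself: it groups "accepted sender" entries by remote IP and flags private (RFC 1918) addresses that submit many messages. The field layout is taken from the log line quoted above; the threshold, the sample addresses and the function name `summarize` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Layout as seen in the quoted log line:
#   from <sender:...:...> remote <helo:hostname:ip> rcpt <...> : result
LINE_RE = re.compile(
    r"CHKUSER accepted sender: from <(?P<sender>[^:>]*):[^>]*> "
    r"remote <(?P<helo>[^:>]*):(?P<host>[^:>]*):(?P<ip>[^>]*)> "
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def summarize(lines, threshold=3):
    """Per remote IP: entry count, declared senders, HELO names, and a
    'suspect' flag for internal clients at or above the (assumed) threshold."""
    per_ip = defaultdict(lambda: {"count": 0, "senders": set(), "helos": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an accepted-sender entry
        entry = per_ip[m["ip"]]
        entry["count"] += 1
        entry["senders"].add(m["sender"])  # only what "mail from:" declared
        entry["helos"].add(m["helo"])
    report = {}
    for ip, e in per_ip.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # redacted or malformed address field
        internal = addr.version == 4 and any(addr in n for n in RFC1918)
        report[ip] = {
            "count": e["count"],
            "senders": sorted(e["senders"]),
            "helos": sorted(e["helos"]),
            "internal": internal,
            "suspect": internal and e["count"] >= threshold,
        }
    return report

# Constructed sample lines (addresses and senders are made up).
SAMPLE = (
    ["CHKUSER accepted sender: from <user@example.com::> remote "
     "<DG93MCB1:unknown:192.168.1.50> rcpt <> : sender accepted"] * 3
    + ["CHKUSER accepted sender: from <other@example.net::> remote "
       "<mail.example.net:unknown:192.0.2.10> rcpt <> : sender accepted"]
)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

A flagged address identifies the machine to scan for malware and the account whose saved password should be changed.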