SPAM being sent through my server!

Hi,

I've discovered someoneis send SPAM through my server. maillog reveals a lot outgoing messages like:

Mar 15 10:27:35 grsites sendmail[1684]: i2FFRZ3U001684: from=<apache@grsites.com>, size=15826, class=0, nrcpts=100, msgid=<200403150927.i2F9Rvl8019135@grsites.com>, proto=ESMTP,$SMTP, daemon=MTA, relay=localhost.domain [127.0.0.1]
Mar 15 10:27:35 grsites sendmail[1684]: i2FFRZ3U001684: to=<kappucheeno@aol.com>, delay=00:00:00, mailer=esmtp, pri=3015826, stat=queued


etc... How do they manage to do that? Sendmail is set to require authentication for SMTP, and the access file in /etc/mail is not set to allow RELAYING for anyone other than localhost. The only users on the box are 2 family members, did their accounts get hacked? How do I determine which user the email is set through?

Any help would be greatly appreciated!

Gabriel

 

 

 

 

Top