I have over 1200 pending outgoing messages in my queue to various domains in Russia. I set each of the 10 domains I host to "reject nonexistant user", cleared the queue, and still messages seem to be queueing up! I think I have found the IP(s) address the messages are comming from useing /var/log/secure. However, I have not able to see "who" is sending them as I have SMTP auth enabled as well. My guess is that one of my users username and password has been compromised. Can anybody tell me how to disocver what username and password where used to send an email? Thanks in advance for the help!