Weird spam problem - just to info mails

tkalfaoglu

Silver Pleskian
A few of the email accounts on the system have a spam problem.. some people (mainly from China) are sending mail with a from: of [email protected] to other people in China, over us.

That is, the domain after the info@.... is 3-4 of the several hundred domains on that server.

I changed the passwords of those info accounts, but the spam continues.

We have "short names enabled" and SMTP Authentication and "pop3 before smtp" enabled.
I wonder if either of these is causing the problem..

It's odd that only "info" is used by these spammers, and it's limited to 3-4 domain names only..

Any ideas how to stop this madness?

Thanks, -t
 
SOLVED: Another info account's password was ridiculously easy, and the hackers used that to log in, and then proceeded to spam during the POP before SMTP timeout.

May 24 20:48:26 lin smtp_auth: SMTP user [email protected] : logged in from hn.kd.ny.adsl [115.63.9.191]
May 24 20:49:06 lin smtp_auth: SMTP user [email protected] : logged in from hn.kd.ny.adsl [115.63.9.191]
May 24 20:49:10 lin smtp_auth: SMTP user [email protected] : logged in from hn.kd.ny.adsl [115.63.9.191]
May 24 20:49:14 lin smtp_auth: SMTP user [email protected] : logged in from hn.kd.ny.adsl [115.63.9.191]
May 24 20:52:52 lin smtp_auth: SMTP user [email protected] : logged in from hn.kd.ny.adsl [115.63.14.64]
May 24 20:53:10 lin smtp_auth: SMTP user [email protected] : logged in from hn.kd.ny.adsl [115.63.14.64]

Password changed, problem solved.. I hope :)
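
An added example, not part of the original post: a Python sketch that reads smtp_auth login lines in the layout quoted above and reports which accounts the logins actually authenticate as when they show a burst of logins or several source IPs, so the right mailbox gets its password changed. The sample log, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line layout modelled on the smtp_auth entries quoted in the post.
LOGIN_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ smtp_auth: SMTP user (\S+) : "
    r"logged in from \S+ \[(\d+\.\d+\.\d+\.\d+)\]"
)

def parse_logins(lines, year=2000):
    """Yield (timestamp, account, source_ip); year is supplied as syslog omits it."""
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def suspicious_accounts(lines, max_logins=3, window=timedelta(minutes=5), max_ips=1):
    """Return {account: reasons} for burst logins or logins from several IPs."""
    times, ips = defaultdict(list), defaultdict(set)
    for ts, account, ip in parse_logins(lines):
        times[account].append(ts)
        ips[account].add(ip)
    flagged = {}
    for account, stamps in times.items():
        stamps.sort()
        reasons = []
        # Sliding window: more than max_logins logins inside `window`.
        for i in range(len(stamps) - max_logins):
            if stamps[i + max_logins] - stamps[i] <= window:
                reasons.append("burst")
                break
        if len(ips[account]) > max_ips:  # threshold is an assumption; tune per site
            reasons.append("multiple_ips")
        if reasons:
            flagged[account] = reasons
    return flagged

# Constructed sample log (accounts, hosts and IPs are placeholders, not from the post).
SAMPLE = """\
May 24 09:15:02 lin smtp_auth: SMTP user alice@example.net : logged in from host.example [198.51.100.5]
May 24 20:48:26 lin smtp_auth: SMTP user info@example.org : logged in from host.example [203.0.113.10]
May 24 20:49:06 lin smtp_auth: SMTP user info@example.org : logged in from host.example [203.0.113.10]
May 24 20:49:10 lin smtp_auth: SMTP user info@example.org : logged in from host.example [203.0.113.10]
May 24 20:49:14 lin smtp_auth: SMTP user info@example.org : logged in from host.example [203.0.113.10]
May 24 20:52:52 lin smtp_auth: SMTP user info@example.org : logged in from host.example [203.0.113.77]
"""
print(suspicious_accounts(SAMPLE.splitlines()))
```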
 