I run a server standard edition for some customers.
Sometimes I can find in "Bad mail" reports like this one:
It definitely look like some spam has been sent by one of my customers, probabily by some robot infesting his PC.From: "Delivery Subsystem" <POSTMASTER@internetique.ca>
To: <onlinebanking@ealerts.bankofamerica.com>
Subject: Message Delivery Failure
Date: Wed, 1 Sep 2010 15:45:56 -0400
Message-ID: <F1FE154A98584D53BE296A80CD91150D.MAI@internetique.com>
X-MEFilter: 1
Precedence: bulk
X-ME-BADMAIL: POSTMASTERNDR, Postmaster NDR
MailEnable: Message could not be delivered to some recipients.
The following recipient(s) could not be reached:
Recipient: [SMTP:chevroletcamaro88@yahoo.com]
Reason: 554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]
Recipient: [SMTP:chevy_15lucas@yahoo.com]
Reason: 554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]
..........
My server is set to Allow relay for authenticated senders.
My question, Which logs should I check, and what should I look for in it in order to detect WHO is sending all that spam?