Koozali.org: home of the SME Server

SPAM sent behind SME

axessit
« on: September 03, 2008, 01:22:12 AM »
I have just fixed a PC infected with a virus, but in the process, had to connect to the internet etc. to get some patches, utils etc. As it happens, the virus was sending out SPAM at about 100 messages per 5-minute period. Fortunately none of the other PCs on the network have been infected, but....

The infected PC was not logged on to the server. I thought that if I enabled the SMTP proxy on the Proxy page then only authenticated users can send email through the SME? Am I wrong here?

I have checked the mail logs, and they show the messages all being sent out. My ISP rang me this morning to ask me to shut down my open relay mail server, but I am not relaying from the internet.

I am running SME 7.3.

Also, how can I translate the UID from the mail logs to an actual username?


janet
Re: SPAM sent behind SME
« Reply #1 on: September 03, 2008, 06:14:57 AM »
axessit

See the email FAQ (link at top of page) re how to enable & force only authenticated connections from workstations.

Enabling SMTP proxy will only force all email to be sent via your server, rather than directly to or via an external server (e.g. being used by a virus). It does not force authentication, see the FAQ for that.

Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

CharlieBrady
Re: SPAM sent behind SME
« Reply #2 on: September 03, 2008, 08:28:59 PM »
Also, how can I translate the UID from the mail logs to an actual username?

The uid for any mail injected via SMTP should always be qpsmtpd. You can verify by running:

id qpsmtpd
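
Added example, not part of the original thread or of SME Server: a shell sketch that counts injected messages per uid from qmail-send style `info msg ... uid N` log lines and resolves each uid to an account name, which is the lookup asked about above. The function names and the sample log lines are constructed for illustration; the sample uids (0 and 4000000) are chosen only so the output is predictable on any system.

```shell
#!/bin/sh
# Added example: which local uids injected mail, and who are they?

# Resolve a numeric uid to an account name; prints "unknown" if none matches.
uid_to_name() {
    name=""
    if command -v getent >/dev/null 2>&1; then
        name=$(getent passwd "$1" | cut -d: -f1)
    fi
    # Fallback (assumption: accounts live in the local passwd file).
    if [ -z "$name" ] && [ -r /etc/passwd ]; then
        name=$(awk -F: -v u="$1" '$3 == u { print $1; exit }' /etc/passwd)
    fi
    printf '%s\n' "${name:-unknown}"
}

# Read log lines on stdin; print "count uid name", busiest uid first.
summarise_uids() {
    awk '/ info msg / { for (i = 1; i < NF; i++) if ($i == "uid") n[$(i + 1)]++ }
         END { for (u in n) print n[u], u }' |
    sort -rn |
    while read -r count uid; do
        printf '%s %s %s\n' "$count" "$uid" "$(uid_to_name "$uid")"
    done
}

# Constructed sample: timestamps, message ids and addresses are made up.
sample_log() {
    cat <<'EOF'
@4000000048bde0a40a1b2c3d new msg 524301
@4000000048bde0a40a1b2d11 info msg 524301: bytes 2210 from <a@example.com> qp 4121 uid 0
@4000000048bde0a40a1b2e55 starting delivery 1: msg 524301 to remote x@example.net
@4000000048bde0a51c000001 info msg 524302: bytes 2198 from <b@example.com> qp 4125 uid 0
@4000000048bde0a52d000002 info msg 524303: bytes 2204 from <c@example.com> qp 4130 uid 0
@4000000048bde0a63e000003 info msg 524304: bytes 911 from <d@example.com> qp 4133 uid 4000000
EOF
}

# Demo run on the constructed sample; on a real server, pipe the log in instead.
sample_log | summarise_uids
```

A uid that resolves to the SMTP daemon's account (qpsmtpd, per the reply above) means the message arrived over SMTP, so the sending workstation has to be identified from the SMTP daemon's connection log rather than from the uid.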