I have a Red Hat 9 server with about 200 users using POP3 and SMTP. Sendmail requires authentication to send through (naturally). But I believe that someone might have guessed one of my users' passwords and is using my server to send mail. Log files show a very high number of messages being sent from Asian IPs and we do not do any business with Asian networks.
Essentially, I need to figure out what user this culprit is authenticating as. Can this info be added to the sendmail log? Or can I sniff this traffic somehow?
Help me stop this spammer! Thank you in advance!