[MYSTERY] Emails being sent under account with email disabled

[rockethead]

Hello,

We have a dedicated server from GoDaddy running CENTOS 5.5 i686 standard.

We only have four or so sites on it. The other day, we receive an email that we have reached our 1000 smtp limit. This was a mystery since we use google apps for email and don't get near 1000 emails for out sites using the contact forms and such.

So I look at the relays and sure enough someone, probably a spammer, has used our smtp to send out their filth. I set email accounts and hourly emails to 0, remove the email in dns, and removed an email form they put on your server.

However, they are still somehow sending mail using our server. I'm going to terminate the account and reinstall, but I would love to know how this hacker is doing this and what I can do to prevent it in the future.

If you can answer this I will crown you a Linux god.

Thanks

[Lazydog]

You are using your mail system as a relay? If so then you have to configure it to only relay your mail from your IP address. I don't know how to do this I just remember reading about how mail relays are used by spammers to get their junk out. Maybe look at turning off the relay.

From what I understand it is best to not use a relay at all. This cuts out most if not all spammers junk.

[rockethead]

hey thanks very much, i will do some googling and check it out.

I still would like to get more info on this, anyone?

[rockethead]

Anyone know how to close the relays or restrict to the ip address?

[Lazydog]

A quick search on Google turned up this site:

How to secure your mail system against third-party relay