I have been a SurgeMail user for years and it's worked well for me.
Suddenly, yesterday, I am getting hundreds of spam messages being sent through my server to other people. All of them are "from" one of my legitimate users. Except she's not sending them. So I changed her password. No effect. I want to limit sending mail to require that a user actually be authorized to use the SMTP service. Can someone tell me how to do that?
The queued messages will still be going, so you may have fixed it
already. To clear the queue use:
tellmail delete_contains firstname.lastname@example.org
(name of problem user)
If messages are still going out, look for the Received log entry of
the problem messages in msg*.rec. Where it says 'relay=...' it
will tell you the reason it's relaying the messages. Most likely
it will be that the hacker has cracked the password, but it might be a
config setting that allows relaying.
Here is some general advice for this type of hacking issue:
The setting you are looking for is: G_SPAM_USER_MAX "100"
I did a test with my own account, logging in to send mail at port 25 with no password (I normally use port 587 with insecure passwords). So with port 25 with no password trying to send to a user not on my server I get:
23 10:47:12.11:2020: 500 SSL required for ip (220.127.116.11)
This just means it requires SSL; it doesn't mean it's blocking
sending messages. It's unlikely your server is an open relay; a
hacked account is much more common, but to test properly I would use
a website like http://mxtoolbox.com/diagnostic.aspx
I don't understand why this is not what the spammer is getting if he is not using her password.
Any help is welcome.
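The 'relay=...' check suggested earlier in this thread can be scripted. This is an added example, not code from any poster or from SurgeMail: it tallies the relay reason and source IPs for every log line that mentions the problem user. The line layout beyond the timestamp prefix and the `relay=` token, and the reason strings in the sample, are assumptions constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Assumption: the reason is one token right after 'relay=' (the thread
# does not show the full line layout of msg*.rec).
RELAY_RE = re.compile(r"\brelay=([^\s,;]+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def relay_summary(lines, address):
    """Group log lines that mention `address` by their relay= reason.

    Returns {reason: {"count": int, "ips": set of IPv4 strings on those lines}}.
    """
    summary = defaultdict(lambda: {"count": 0, "ips": set()})
    needle = address.lower()
    for line in lines:
        if needle not in line.lower():
            continue
        match = RELAY_RE.search(line)
        if match is None:
            continue  # mentions the user but carries no relay decision
        entry = summary[match.group(1)]
        entry["count"] += 1
        entry["ips"].update(IPV4_RE.findall(line))
    return dict(summary)

# Constructed sample lines: field order and reason strings are invented,
# only the timestamp prefix and the last line follow what the thread shows.
SAMPLE_LOG = [
    "23 10:40:01.10:2020: Received 203.0.113.7 <firstname.lastname@example.org> <a@example.net> relay=authenticated",
    "23 10:40:02.31:2020: Received 203.0.113.7 <firstname.lastname@example.org> <b@example.net> relay=authenticated",
    "23 10:40:05.77:2031: Received 198.51.100.22 <firstname.lastname@example.org> <c@example.net> relay=authenticated",
    "23 10:41:09.02:2044: Received 192.0.2.10 <other.user@example.org> <d@example.net> relay=allowed_ip",
    "23 10:47:12.11:2020: 500 SSL required for ip (220.127.116.11)",
]

def main(argv):
    address = argv[1] if len(argv) > 1 else "firstname.lastname@example.org"
    lines = SAMPLE_LOG
    if len(argv) > 2:  # e.g. python relay_check.py user@domain msg*.rec
        lines = []
        for path in argv[2:]:
            with open(path, errors="replace") as fh:
                lines.extend(fh)
    for reason, info in sorted(relay_summary(lines, address).items()):
        print(f"{info['count']:6d}  relay={reason}  from {sorted(info['ips'])}")

if __name__ == "__main__":
    main(sys.argv)
```

A single reason tied to authentication and spread across unfamiliar source IPs points to a stolen password; a reason tied to an address or config rule points to a relay setting.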