Am Mi, den 21.04.2004 schrieb Mike Rambour um 23:14: > I had already done the grep that was suggested, those 2 lines only show > up once in the maillog (there are others that only show up once also) Does > this mean that the relay was successful ? I sure hope not. I'm not shure (because I made the switch from sendmail to postfix a long time ago and may not remember the details correctly), but I don't think it indicates a successful relay. You have to find to corresponding entries, one for inbound, one outbound. Either it indicates an incoming mail (but again, you should find a second entry how it has been processed) or an outgoing from a local user (but again a second entry ...). Maybe, someone has compromised your machine or at least your sendmail. But, instead of trying to harden your sendmail you should spend the time to switch to another MTA. I decided for postfix, but e.g. exim may be a good choice, too (it has excellent documentation). > One thing I did notice after reading this reply is yes, I can set up a > external SMTP on a Windows machine and go through my firewall and connect > to it, but the internal machines are all using my SMPT server, there are > only 8 internal machines so it was easy to check. I dont think that is how > the SPAM got out, I trust these users. There are a lot newer viruses around which have their own SMTP functionality! They don't use your email program's configuration or SMTP function. They have their own and it is sufficient if the firewall lets pass SMTP communication. You should immediately reconfigure the firewall to block port 25. if you have complains about a lot of spam, the window machines combined with the open firewall port are the most likely source. Peter