What tells you that these two independent maillog entries were relay attempts? They are incomplete, at least incomplete pasted. If you want to inverstigate you must search the maillog for the queue ID and not the sendmail PID: so search for "MAA01067" and "MAA01214" and not "sendmail[1067]" or "sendmail[1214]". But I am very doubtful that both
I am not sure there were relay attempts, they were not incompletely pasted they were complete and there are NO other lines in /var/log/maillog to correspond to them. Most items in maillog have 2 lines for each PID, but I have maybe a dozen that only have one line, I posted only 2 examples of those. It is because those are different that I am concerned they are relayed, they may not be. As I mentioned, I am a newbie thrown into this by my boss due to a departing system manager. When I picked this responsibility up (with protest), I found that we were running a un-updated Fedora, it took 2 days to get updated. I am now enjoying this process of searching and looking for answers. This is FUN a lot more than what I was doing for this company.
As advised by Peter you better ask your ISP for details of the SPAM report.
I have asked but not received these yet.
Are you running Apache on the mailserver too? If yes you might have a misusable formmail on it through which foreign people can send SPAM.
There is Apache running but no formail or like that, only one form sends mail through a PERL program and its sends mail to me only and writes a log file.
http://spamlinks.openrbl.org/tools-relay.htm
didnt know about the spamlinks one, ran the other 2
Thanks for the help
mike
