Thanks for getting back to me on this. I continued to try to figure out what was occurring. I'm not an expert at this, but I have installed at least a dozen SME servers, and have never had one cracked. All the return messages seemed to come back from one of my domains, see the "myotherdomain.com" below (I obfuscated the name to protect the guilty!!). Finally, I deduced that the email was probably being sent from a violated Windows PC (can you IMAGINE that!!!) and that PC was sending out SPAM. I changed the username of the person using that account, and the SPAM returns have stopped cold. I then called the user and explained that her PC may have been hacked and that I had shut down her account for a while. She then went on to explain to me how her PC was acting very slow and strange lately, and that Outlook would not work any more. She could not tell me anything about the status of her antivirus software or her MS critical updates.
I just thought I'd update the list. I'll continue to monitor, but I consider this case closed!
Chris Curtis
mapangojoe wrote:
Return-Path: <webmaster@myotherdomain.com>
Received: (qmail 32026 invoked from network); 9 Feb 2007 01:17:54 -0000
Received: from unknown (HELO biioiew.com) (218.53.105.175)
by server.mydomain.net (66.225.16.170) with SMTP; 09 Feb 2007 01:17:54 -0000
...
It looks to me as though you may have somehow managed to configure your system as an open mail relay, and spammers have discovered it. It's difficult to say, as you appear to have obfuscated the message - does it really say "myotherdomain.com"?
Do you have a form on your website which allows sending of mail? If so, disable it immediately, until it is proven not to be forwarding spam.
Send a full unmodified copy of the message, including full headers, to security at contribs dot org and someone will take a closer look.