How can the MTA be externally exploited to send email on my behalf?
I've been checking my mailbox.log since yesterday, looking for an exploit that somehow manages to send email
through the MTA using my account while leaving no trace of its intrusion.
Look at the following log information:
... say, what? :confused: It is even sending the message from my internal IP!!!
2013-05-06 03:09:15,362 INFO [LmtpServer-929] [ip=172.16.5.5;] lmtp - Delivering message: size=2295 bytes, nrcpts=1, email@example.com, msgid=<20130506021455.001330E46F4416EA@mydomain.com>
2013-05-06 03:09:15,367 INFO [LmtpServer-929] [firstname.lastname@example.org;mid=2;ip=172.16.5.5;] mailop - Adding Message: id=19645, Message-ID=<20130506021455.001330E46F4416EA@mydomain.com>, parentId=-1, folderId=2, folderName=Inbox.
2013-05-06 03:09:15,391 INFO [LmtpServer-929]  ProtocolHandler - Handler exiting normally
I've seen this before, but as an exploit of an email client that runs a script/hack, i.e. Outlook, so it can send email using the client application, where
apparently it's on your behalf so you can't notice it is happening. But what about the case above?
What can you suggest to help me track down the real punk who is doing this?
Thanks in advance!!!! PoKo!
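
Added example (not part of the original post, and not code from the mail server's vendor): a small parser for mailbox.log lines in the format quoted above that groups the LMTP "Delivering message" and "Adding Message" entries by Message-ID, so each suspicious message can then be searched for by that ID in the MTA's own log and in the message's Received headers. The sample lines are constructed, and the `sender=` and `name=` keys in them are assumptions, since those fields are anonymized in the post.

```python
import re

# Constructed sample modelled on the log excerpt in the post.
# Assumption: the sender field is "sender=" and the mailbox context key is "name=".
SAMPLE = """\
2013-05-06 03:09:15,362 INFO [LmtpServer-929] [ip=172.16.5.5;] lmtp - Delivering message: size=2295 bytes, nrcpts=1, sender=user@example.com, msgid=<A1@example.com>
2013-05-06 03:09:15,367 INFO [LmtpServer-929] [name=user@example.com;mid=2;ip=172.16.5.5;] mailop - Adding Message: id=19645, Message-ID=<A1@example.com>, parentId=-1, folderId=2, folderName=Inbox.
2013-05-06 03:09:15,391 INFO [LmtpServer-929] [] ProtocolHandler - Handler exiting normally
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>\w+)\s+"
    r"\[(?P<thread>[^\]]*)\] \[(?P<ctx>[^\]]*)\] (?P<cat>\w+) - (?P<msg>.*)$"
)
MSGID = re.compile(r"(?:msgid|Message-ID)=(<[^>]*>)")
ITEM_ID = re.compile(r"Adding Message: id=(\d+)")


def parse_line(line):
    """Split one log line into fields; return None if it does not match."""
    m = LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # The second bracket is a list of 'key=value;' pairs, e.g. ip=...;mid=...;
    rec["ctx"] = dict(kv.split("=", 1) for kv in rec["ctx"].split(";") if "=" in kv)
    found = MSGID.search(rec["msg"])
    rec["msgid"] = found.group(1) if found else None
    return rec


def deliveries_by_msgid(text):
    """Group delivery and mailbox-add lines by Message-ID."""
    out = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["msgid"] is None:
            continue  # not a message-related line
        entry = out.setdefault(rec["msgid"], {
            "first_seen": rec["ts"], "ips": set(), "mailboxes": set(), "item_ids": []})
        if "ip" in rec["ctx"]:
            entry["ips"].add(rec["ctx"]["ip"])  # ip= value logged for the connection
        if "name" in rec["ctx"]:
            entry["mailboxes"].add(rec["ctx"]["name"])
        item = ITEM_ID.search(rec["msg"])
        if item:
            entry["item_ids"].append(item.group(1))
    return out


if __name__ == "__main__":
    for msgid, info in deliveries_by_msgid(SAMPLE).items():
        print(msgid, info)
```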