Ok. Thanks. I can see them coming in.
The problem is that my client's server is sending out hundreds of emails an hour. It is set up for SMTP auth. I think the most likely candidate is a virus on his office Windows machine which is using his Outlook accounts to send the mails.
Another candidate is that someone has got hold of his password and is sending them from elsewhere. Looking at the maillog I think I can see what looks like the IP address of where the user came from : if this is his machine that will answer that one.
However; having changed the passwords for these users I am still seeing dozens of emails going through sendmail. Since they say to=<someaddress rather than from=< I assume they are outward bound? EDIT: yes. Clearing /var/spool/mqueue seems to have dealt with this.
-- Justin Wyllie
Last edited by justinwyllie; 02-03-2014 at 05:31 PM.