If I were you, I'd start seeing what the mail contains. Not the best thing to do of course, but if you can see that it's not legit mail, then you've got the option of restricting their access through saslauthd.
See

    man 5 postconf

or the always_bcc parameter (always_bcc could be switched on temporarily to see what's going on).
Ronald.