Grab a coffee.
I had a user, dave. He had a login account but wanted no email. So, I put an alias in for him:
dave: nomail
Since there isn't a real "nomail" user, it causes any mail -to- dave to bounce back to sender. I have 15 or so accounts set up this way.
Some time after that, postmaster for my sendmail server started getting a returned-mail message. Basically it said:
mail from dave to spam.com.de was refused
It seemed to me that some spammer was sending mail to dave, and my server was simply bouncing it back. The receiver of the bounce was bogus. Hence, the message above.
Make sense?
About the same time that started, all users start getting more spam than ever, like a floodgate had opened. Even system accounts like adm and sys, which had in four years _never_ got mail, started getting spam.
Back to dave. dave was spending the winter in Florida and was not logging in.
After a while I got tired of all the postmaster messages regarding dave, so as a kind of test since we was gone, I renamed user dave to david on my system.
A few weeks later I start getting the same postmaster mail, saying:
mail from david to spam.com.de was refused
During this time, dave (david) never logged in, and no one at all, not even david, was aware that I renamed the account.
And! No more postmaster messages about dave. He doesn't get mail any more, where before he was regularly getting junk, which david now seems to be getting.
My sendmail is not relaying; I tested that.
I'm baffled by this; whatever is doing this seems to be using the password file, or at least it seems to me that's the case.
I don't see any unusual processes running; no system files have been modified lately that I can see; only five users on my system have any unix access at all.
Any ideas?
fmartin@applicatorssales.com
