Oh, dear. I seem to be a spam-spewing zombie.
Complaint from Mrs. F that she's had no e-mail for 2 days.
So I send her a test mail.
Nothing.
I send myself a test mail.
Nothing.
Hmm.
Log onto mail server, and find it's bogged down with a delivery queue of 6000 messages.
Shut down the mail service, clear queue, and look at logs.
I've got logging turned down to 1, so I can only see that I've been accepting mail from spammy addresses to random addresses (i.e. open relaying).
Only I'm not open relaying, I require SMTP auth.
So I think one of the client PCs is compromised and the mail is coming in via an authenticated connection.
I've turned on SMTP logging so I can catch which login is compromised.
It's not a dictionary attack, since I have an IP auto-ban for incorrect logins.
Server re-started, and nothing untoward coming in yet.
Will be keeping a close eye on this one.
Aha! Caught!
After 2 quiet days on the mailserver, I am alerted to a sudden spike in mail traffic.
Remote onto the mailserver, and I see spam from: and to: addresses being relayed.
Shuts down mail server service, and peruses the more comprehensive logs.
Ah, so there we are: logging in with a legit account, and getting authenticated.
So whose account is it? One of the kids, no doubt.
But it's base64-obfuscated in the logs, so I need to decode it... <tapity-tap>
Ah.
Not the kids.
It's my primary account. How embarrassing.
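The decoding step above is the part worth automating: SMTP AUTH credentials appear in verbose logs as base64 tokens, so the account behind a relay spike can be attributed by decoding the username part and counting deliveries per authenticated login. The following Python is an added example, not code from the original post and not tied to any particular mail server product; it assumes a constructed, generic "timestamp client-ip event" log layout where `AUTH LOGIN` is followed by client lines prefixed `C:` (username, then password) and `AUTH PLAIN` carries its token inline. The sample log lines, account names and addresses are all made up for illustration. Passwords are deliberately never decoded, so the report can be shared without leaking them.

```python
import base64
import re
from collections import defaultdict

# Constructed sample log (not from the original post). Layout assumed:
# "<date> <time> <client-ip> <event>". Server-side prompts of AUTH LOGIN
# (e.g. "VXNlcm5hbWU6") are omitted; only client responses are shown.
SAMPLE_LOG = """\
2013-10-14 03:12:01 203.0.113.7 AUTH LOGIN
2013-10-14 03:12:01 203.0.113.7 C: ZGFk
2013-10-14 03:12:01 203.0.113.7 C: ZGFkMTIz
2013-10-14 03:12:02 203.0.113.7 MAIL FROM:<promo@example.net>
2013-10-14 03:12:02 203.0.113.7 RCPT TO:<victim1@example.org>
2013-10-14 03:12:02 203.0.113.7 RCPT TO:<victim2@example.org>
2013-10-14 03:12:03 203.0.113.7 RCPT TO:<victim3@example.org>
2013-10-14 03:15:40 198.51.100.9 AUTH PLAIN AGtpZDEAa2lkc3Bhc3M=
2013-10-14 03:15:41 198.51.100.9 MAIL FROM:<kid1@example.com>
2013-10-14 03:15:41 198.51.100.9 RCPT TO:<friend@example.org>
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<ip>\S+) (?P<rest>.*)$")


def decode_b64_token(token: str) -> bytes:
    """Decode one base64 token as logged; tolerate stripped '=' padding."""
    padded = token + "=" * (-len(token) % 4)
    return base64.b64decode(padded)


def username_from_auth_plain(token: str) -> str:
    """AUTH PLAIN is base64(authzid NUL authcid NUL password).
    Return only the authcid (the login name); the password is discarded."""
    parts = decode_b64_token(token).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed AUTH PLAIN token")
    return parts[1].decode("utf-8", "replace")


def summarize_auth_relays(log_text: str) -> dict:
    """Attribute every MAIL FROM / RCPT TO to the account that authenticated
    on that client IP. Returns {username: {"ips": set, "senders": set, "rcpts": int}}."""
    stats = defaultdict(lambda: {"ips": set(), "senders": set(), "rcpts": 0})
    current_user = {}   # ip -> username once authenticated
    login_step = {}     # ip -> "user" | "pass" while an AUTH LOGIN is in progress

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, rest = m["ip"], m["rest"]

        if rest == "AUTH LOGIN":
            login_step[ip] = "user"
        elif rest.startswith("AUTH PLAIN "):
            user = username_from_auth_plain(rest.split(" ", 2)[2])
            current_user[ip] = user
            stats[user]["ips"].add(ip)
        elif rest.startswith("C: ") and ip in login_step:
            if login_step[ip] == "user":
                user = decode_b64_token(rest[3:]).decode("utf-8", "replace")
                current_user[ip] = user
                stats[user]["ips"].add(ip)
                login_step[ip] = "pass"
            else:
                # Password response: intentionally not decoded or stored.
                del login_step[ip]
        elif rest.startswith("MAIL FROM:") and ip in current_user:
            sender = rest[len("MAIL FROM:"):].strip().strip("<>")
            stats[current_user[ip]]["senders"].add(sender)
        elif rest.startswith("RCPT TO:") and ip in current_user:
            stats[current_user[ip]]["rcpts"] += 1

    return dict(stats)


def top_relayers(stats: dict, min_rcpts: int) -> list:
    """Accounts that delivered at least min_rcpts recipients, busiest first."""
    hits = [(s["rcpts"], u) for u, s in stats.items() if s["rcpts"] >= min_rcpts]
    return [u for _, u in sorted(hits, reverse=True)]


if __name__ == "__main__":
    report = summarize_auth_relays(SAMPLE_LOG)
    for user in top_relayers(report, 2):
        s = report[user]
        print(f"{user}: {s['rcpts']} rcpts from {sorted(s['ips'])}, senders {sorted(s['senders'])}")
```

On the constructed sample this attributes three recipients and a foreign-domain sender to the account `dad` from a single IP, which is the pattern that pointed at the compromised login in the post; the `kid1` session looks like ordinary use. On a real server the same approach works on whatever line format the verbose SMTP log produces, but the regex and the `C:` prefix will need adjusting to that product's output.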
I have a strong password, don't I? Err.. no...
I forgot that back at Xmas time, when I got the new fondleslab, in my haste to set up stuff, I could not remember my e-mail account password.
So I just remoted into the mailserver and 'temporarily' reset it to 'username123', intending to fix it later.
Later never came, and I just adjusted my password on my other devices.
So I've been running with this silly PW for 10 months.
It's been reset to a strong PW again, and I've temporarily firewalled out the IP that was hitting me.
I'll remove the IP block after a week or so, once they have given up.
Dearie me. What an idiot.