
[cobalt-security] Where's this email originating from? [RaQ3]



Hi Yah,

Just checking logs and these entries have me a bit confused... (xxxxx being
one of our servers)

Oct 25 09:47:45 ns sendmail[8881]: JAA08881: from=httpd, size=188, class=0,
pri=30188, nrcpts=1, msgid=<200110251547.JAA08881@xxxxxxxxxxxxxx>,
relay=httpd@localhost
Oct 25 09:47:48 ns sendmail[8883]: JAA08881: to=toryu@xxxxxxxxxxxx,
ctladdr=httpd (15/11), delay=00:00:03, xdelay=00:00:03, mailer=esmtp,
relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024864 qp 25390)
Oct 25 09:49:36 ns sendmail[8976]: JAA08976: from=httpd, size=198, class=0,
pri=30198, nrcpts=1, msgid=<200110251549.JAA08976@xxxxxxxxxxxxxx>,
relay=httpd@localhost
Oct 25 09:49:39 ns sendmail[8978]: JAA08976: to=toryu@xxxxxxxxxxxx,
ctladdr=httpd (15/11), delay=00:00:03, xdelay=00:00:03, mailer=esmtp,
relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024979 qp 25071)
Oct 25 09:49:40 ns sendmail[8979]: JAA08979: from=httpd, size=198, class=0,
pri=30198, nrcpts=1, msgid=<200110251549.JAA08979@xxxxxxxxxxxxxx>,
relay=httpd@localhost
Oct 25 09:49:42 ns sendmail[8981]: JAA08979: to=toryu@xxxxxxxxxxxx,
ctladdr=httpd (15/11), delay=00:00:02, xdelay=00:00:02, mailer=esmtp,
relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024976 qp 2339)
Oct 25 09:49:49 ns sendmail[8982]: JAA08982: from=httpd, size=198, class=0,
pri=30198, nrcpts=1, msgid=<200110251549.JAA08982@xxxxxxxxxxxxxx>,
relay=httpd@localhost
Oct 25 09:49:51 ns sendmail[8984]: JAA08982: to=toryu@xxxxxxxxxxxx,
ctladdr=httpd (15/11), delay=00:00:02, xdelay=00:00:02, mailer=esmtp,
relay=mail.iinet.net.au. [203.0.178.192], stat=Sent (ok 1004024992 qp 4179)

It's obviously been sent through the server "from=httpd" and been relayed
via httpd@localhost. Now if this was spam going out, how can I tell who's
sending it or what site it's originating from? Is this mail being sent via an
online form maybe?

Many thanks in advance

Chae
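
Added example, not part of the original post: a Python script that joins sendmail's from= and to= entries on queue ID and keeps only mail handed to sendmail locally by the web server user (from=httpd, relay=httpd@localhost), as in the log above. The log sample is constructed with placeholder hosts and addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the post's sendmail syslog format (placeholder hosts/addresses).
SAMPLE_LOG = """\
Oct 25 09:47:45 ns sendmail[8881]: JAA08881: from=httpd, size=188, class=0, pri=30188, nrcpts=1, msgid=<200110251547.JAA08881@host.example>, relay=httpd@localhost
Oct 25 09:47:48 ns sendmail[8883]: JAA08881: to=user@dest.example, ctladdr=httpd (15/11), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, relay=mail.dest.example. [192.0.2.25], stat=Sent (ok)
Oct 25 09:49:36 ns sendmail[8976]: JAA08976: from=httpd, size=198, class=0, pri=30198, nrcpts=1, msgid=<200110251549.JAA08976@host.example>, relay=httpd@localhost
Oct 25 09:49:39 ns sendmail[8978]: JAA08976: to=user@dest.example, ctladdr=httpd (15/11), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, relay=mail.dest.example. [192.0.2.25], stat=Sent (ok)
Oct 25 09:50:02 ns sendmail[9001]: JAA09001: from=<alice@remote.example>, size=912, class=0, pri=30912, nrcpts=1, msgid=<abc@remote.example>, relay=mx.remote.example [198.51.100.7]
Oct 25 09:50:03 ns sendmail[9002]: JAA09001: to=<bob@host.example>, delay=00:00:01, xdelay=00:00:00, mailer=local, stat=Sent
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"(?P<qid>\w+): (?P<rest>.*)$"
)

def parse_fields(rest):
    """Split sendmail's 'key=value, key=value' list; values may contain spaces."""
    fields = {}
    for part in rest.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def local_submissions(log_text, user="httpd"):
    """Join from=/to= entries on queue ID; keep mail submitted locally by `user`."""
    msgs = defaultdict(lambda: {"time": None, "from": None, "relay": None, "to": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sendmail queue entry
        f = parse_fields(m.group("rest"))
        rec = msgs[m.group("qid")]
        if "from" in f:
            rec["time"], rec["from"], rec["relay"] = m.group("ts"), f["from"], f.get("relay")
        elif "to" in f:
            rec["to"].append(f["to"].strip("<>"))
    return {q: r for q, r in msgs.items()
            if r["from"] == user and r["relay"] == f"{user}@localhost"}

def recipients_by_time(submissions):
    """Map each recipient to the submission times of the messages sent to it."""
    out = defaultdict(list)
    for rec in submissions.values():
        for rcpt in rec["to"]:
            out[rcpt].append(rec["time"])
    return dict(out)
```

Each returned submission time can be compared with the web server's access log entries around the same second to see which request handed the message to sendmail.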