Hi Folks,
I got a report that our Qube had been used for Spam and as far as I know it
is locked down pretty tight so I don't know what to make of this. I had one
person on the Dshield list say to check the maillogs and I tried that but
they only go back to 4/16 and this happened on 4/13. Then someone else just
noted that they are not aware of any way to spoof the "NNTP-Posting-Host"
that shows our IP address in this email and "You'll have to look for
outbound HTTP connections to posting.google.com from your IP, not SMTP
transactions."
So how do I do that ?
And is there a way to keep logs from rolling off so fast ?