Bot?

[Jerry Bell]

It's unlikely that the bot would relay outbound spam through your MTA - 
that would be inconvenient, slow and raise some suspicion.  If the 
provider is right, you most likely have a bit of code running on the 
server that is directly connecting to external mail servers.  There 
could be reasons you aren't seeing a spike, such as you're only looking 
at traffic processed by the MTA, or it simply doesn't show as a material 
increase on a graph of traffic on the network interface if the server is 
busy.

Jerry
On 1/5/2011 10:41 AM, Robert Fitzpatrick wrote:
> Keep getting calls from our provider at one location that our FreeBSD 
> 8.0-RELEASE server is sending bursts of >1000 spam messages to >70K 
> recipients. Since the first call a few weeks ago, I have MRTG and Mail 
> Statistics graphs setup and see no spikes in traffic. Their last 
> sighting was over the weekend and graphs show a reduction in traffic 
> during that time as expected, again with no spikes in traffic or 
> messages sent/received by our Postfix/Amavisd-maia MTA. All services 
> on that server including SSH, SMTP and mail queue size all monitored 
> by Nagios and have had no alerts from that server.
>