Help Understanding maillog

I have a few servers.. I just got a firewall, but it's not installed yet.. but I believe people are using my server for spam. I have both a FreeBSD machine and just got a Linux Red Hat 7.3 machine I use mostly for email.
I have a couple of questions.
1. If you wanted to track down who might be using your server as a proxy for spam, how would you do it for the Linux? I use qpopper btw.. if that helps.
2. Can you tell me what these entries in /var/log/maillog mean? I'm including a few different types of entries that have me confused.
(I replaced my server name with "anyserver")
Oct 21 05:00:44 anyserver sendmail[31814]: g9LC0ht31814: from=<admin37@host.goacom.com>, size=872, class=0, nrcp$
Oct 21 04:21:44 anyserver sendmail[31777]: g9LBLit31777: lost input channel from transport15c.azoogle.com [66.19$
$azoogle.com [66.197.140.87]
Oct 21 04:51:50 anyserver sendmail[31798]: g9J66xt18539: to=<bens@ndc.com.au>, ctladdr=<myname@anyserver.com > (50$.0, stat=Deferred: Connection refused by camtech.net.au.
Oct 21 09:14:11 anyserver sendmail[32099]: g9LGEAt32099: from=<approval7503@mail.ru>, size=422, class=0, nrcpts=$
$o=SMTP, daemon=MTA, relay=[212.150.165.16]
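As an added example (not part of the original post), the sketch below joins sendmail's `from=` and `to=` entries on the queue ID and lists messages that an untrusted host handed to the server for delivery to a non-local domain, which is the pattern a relayed message leaves in maillog. The function name, the local-domain and trusted-IP sets, and the sample lines (constructed, using documentation address ranges) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail's maillog layout (not taken from the post).
SAMPLE_LOG = """\
Oct 21 05:00:44 anyserver sendmail[31814]: g9LC0ht31814: from=<a@ext.example>, size=872, class=0, nrcpts=1, msgid=<1@ext.example>, proto=SMTP, daemon=MTA, relay=[192.0.2.16]
Oct 21 05:00:45 anyserver sendmail[31816]: g9LC0ht31814: to=<b@other.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30872, relay=mx.other.example. [198.51.100.7], dsn=2.0.0, stat=Sent
Oct 21 05:02:10 anyserver sendmail[31820]: g9LC2At31820: from=<c@ext.example>, size=500, class=0, nrcpts=1, msgid=<2@ext.example>, proto=SMTP, daemon=MTA, relay=[192.0.2.16]
Oct 21 05:02:11 anyserver sendmail[31821]: g9LC2At31820: to=<user@anyserver.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30500, dsn=2.0.0, stat=Sent
Oct 21 05:03:00 anyserver sendmail[31830]: g9LC30t31830: from=<user@anyserver.com>, size=300, class=0, nrcpts=1, msgid=<3@anyserver.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Oct 21 05:03:01 anyserver sendmail[31831]: g9LC30t31830: to=<d@other.example>, ctladdr=<user@anyserver.com> (500/500), delay=00:00:01, mailer=esmtp, pri=30300, relay=mx.other.example. [198.51.100.7], dsn=4.0.0, stat=Deferred: Connection refused by mx.other.example.
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")    # queue id, rest of entry
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")          # key=value pairs
IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")            # bracketed peer address

def relayed_by_source(log_text, local_domains, trusted_ips):
    """Map each untrusted submitting IP to the (queue id, recipient) pairs
    it had this server deliver to non-local domains."""
    inbound = {}               # queue id -> IP that handed us the message
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # Entries without key=value pairs (e.g. "lost input channel") give {}.
        qid, fields = m.group(1), dict(FIELD.findall(m.group(2)))
        if "from" in fields:
            ip = IP.search(fields.get("relay", ""))
            inbound[qid] = ip.group(1) if ip else "unknown"
        elif "to" in fields and qid in inbound:
            # A to= retry whose from= line is in an older log file is skipped.
            src = inbound[qid]
            for rcpt in fields["to"].split(","):
                addr = rcpt.strip("<> ")
                domain = addr.rpartition("@")[2].lower()
                if src not in trusted_ips and domain not in local_domains:
                    hits[src].append((qid, addr))
    return dict(hits)

if __name__ == "__main__":
    print(relayed_by_source(SAMPLE_LOG, {"anyserver.com"}, {"127.0.0.1"}))
```

A source IP that shows up here with many distinct recipients is the one to check against the server's relay rules.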