How Can I Trace the Origin of Outbound Spam Mail in Mavericks Server?
My Mavericks Server mail server has been compromised and has been sending reams of Nigerian royalty scam emails out. Where can I find log files which will enable me to track down the IP address these messages originated from (in case there is a machine with an infection on my network) and which credentials are being used to authenticate to the SMTP server?
Solution 1:
You should be able to find that information in /var/log/Mail.log and some more in /var/log/system.log.
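One way to pull both answers (source IP and the account used) out of the mail log, as an added example that is not part of the original answer. It assumes the log contains standard Postfix `smtpd` lines with `client=` and `sasl_username=` fields in the usual syslog layout; the function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Constructed sample of Postfix smtpd log lines (not from a real server).
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 02:14:07 server postfix/smtpd[4321]: 3A1B2C4D5E: client=unknown[192.0.2.45], sasl_method=LOGIN, sasl_username=jsmith
Mar  3 02:14:09 server postfix/smtpd[4321]: 4B2C3D5E6F: client=unknown[192.0.2.45], sasl_method=LOGIN, sasl_username=jsmith
Mar  3 02:15:30 server postfix/smtpd[4400]: 5C3D4E6F70: client=imac.example.lan[10.0.1.23], sasl_method=PLAIN, sasl_username=alice
Mar  3 02:15:31 server postfix/smtpd[4401]: 6D4E5F7081: client=unknown[192.0.2.45], sasl_method=LOGIN, sasl_username=jsmith
Mar  3 02:16:00 server postfix/smtpd[4402]: 7E5F608192: client=mx.example.org[198.51.100.7]
EOF
}

# Print "count username client-ip" for every authenticated submission,
# busiest pair first. An account suddenly sending from an unfamiliar
# address is the one whose password needs changing.
sasl_senders() {
    # $1 = path to the mail log
    grep 'sasl_username=' "$1" |
    sed -n 's/.*client=[^[]*\[\([^]]*\)].*sasl_username=\([^, ]*\).*/\2 \1/p' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3 }'
}

# Print the Postfix queue IDs of messages accepted for one account, so
# each message can be followed through the rest of the log.
# Assumes syslog layout: month day time host process queue-id fields...
queue_ids_for() {
    # $1 = SASL username, $2 = path to the mail log
    awk -v u="sasl_username=$1" \
        '$NF == u && $6 ~ /^[0-9A-F]+:$/ { sub(/:$/, "", $6); print $6 }' "$2"
}

# Demo on the constructed sample; point both functions at the real log instead.
log=$(mktemp) && write_sample_log "$log"
sasl_senders "$log"
queue_ids_for jsmith "$log"
rm -f "$log"
```

Searching the log for one of the printed queue IDs shows the remaining lines for that message, such as the envelope sender and the delivery status for each recipient.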