Is there a way to check if our server was used to route/relay SPAM via our SMTP gateway? In GWIA at some point our 'prevent routing' was unchecked. We have fixed this, but someone is saying we are being used as a relay for SPAM. What logs can I check to verify this (or deny it)?
We have the latest patches and did what the Novell web site says to do.
Thank you!

This is how we check for spam:
Every night at midnight when everything does its log rotation, the GWIA.GATEWAY sends the admin an e-mail with the subject 'Agent Accounting Data File'. When reading the acct file that comes in the e-mail, we can see who sent what to whom along with the subject of the message. We are just looking for something fishy like invalid usernames or addresses.
On the server side, in GWIA we check the options to make sure that the log level is normal or verbose. Hope that helps.
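
The review described in the post above can be automated. This is an added example, not code from the thread or from Novell: it flags messages where neither sender nor recipient belongs to a local domain, then counts them per connecting IP. The comma-separated layout, `LOCAL_DOMAINS`, and the sample records are assumptions constructed for the example; the real accounting file layout must be checked against your own file.

```python
import csv
from collections import Counter

# Assumption: domains this gateway legitimately handles mail for.
LOCAL_DOMAINS = {"example.org"}

# Constructed sample records: source IP, sender, recipient, subject.
# This column layout is an assumption for the example, not the real
# GWIA accounting file format; adapt the parsing to your own file.
SAMPLE = """\
10.0.0.15,alice@example.org,bob@partner.test,Quarterly report
203.0.113.7,promo@bulk.test,victim1@other.test,Cheap offer
203.0.113.7,promo@bulk.test,victim2@other.test,Cheap offer
198.51.100.4,carol@partner.test,alice@example.org,Re: Quarterly report
203.0.113.7,x9@bulk.test,victim3@third.test,Cheap offer
"""

def domain(addr):
    """Return the lower-cased domain part, stripping quotes and brackets."""
    addr = addr.strip().strip("<>\"'")
    return addr.rpartition("@")[2].lower()

def find_relayed(lines, local_domains=LOCAL_DOMAINS):
    """Return rows where neither sender nor recipient is a local domain.

    Inbound (external -> local) and outbound (local -> external) mail is
    normal; external -> external through the gateway is third-party relay.
    """
    relayed = []
    for row in csv.reader(lines):
        if len(row) < 3:
            continue  # skip malformed or blank lines
        src, sender, rcpt = row[0].strip(), row[1], row[2]
        if (domain(sender) not in local_domains
                and domain(rcpt) not in local_domains):
            relayed.append((src, sender.strip(), rcpt.strip()))
    return relayed

def relays_by_source(relayed):
    """Count relayed messages per connecting IP, busiest first."""
    return Counter(src for src, _, _ in relayed).most_common()

if __name__ == "__main__":
    hits = find_relayed(SAMPLE.splitlines())
    for src, count in relays_by_source(hits):
        print(f"{src}: {count} relayed message(s)")
```

A forged local sender address would make relayed mail look like ordinary outbound mail, so also compare the source IP against your known internal ranges.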

Using NWAdmin to turn off SMTP Relaying or setting the "/No Routing" switch in the GWIA.cfg file simply do not work before version 5.5.4. Even after 5.5.4, quoting the recipient address will bypass all of GroupWise's relay controls. Novell has released a patch which is reported to fix the "quote hack" in 5.5.4. This patch WILL NOT work on earlier versions of GroupWise, or if SP4 is not installed. The name of the patch is fgwia55c.exe. It comes with a TXT file that describes the installation. If you use this patch it would be very advisable to read the TXT file before installing it, not so much for the installation instructions, but to see if you would want to.
This is the reason that I am upgrading to GW 6.x very soon. GW 6.x takes care of the Relaying problem very well. The last thing you want is for your company or organization to end up on something like an Open Relay blacklist. It's easier to get your credit history fixed than it is to get off a blacklist. I listed a site below where you can test your Domain to see how good it is against Spammers. Good luck!
V-Peace-V
http://relays.osirusoft.com/cgi-bin/rbcheck.cgi

Underdog is correct. What I would suggest (and have done previously) if you are being used to relay mail, is to just blanket block the IP address range that is relaying via the server. I've encountered it with 62.x.x.x and 202.x.x.x addresses within the last few months. Set up a static route from the relaying addresses to an internal IP address that you know doesn't exist. That way it'll automatically try to route, reach nowhere and send the packets back to origin. Short of downing the GWIA this is the only option I've worked out so far... about 4 clients so far and counting that those b---tards have tried relaying via....
