possible to trace auth user to sent mail?

[gazumping]

Hello,
Dealing with spambots that probably have auth user/pwd to send mail. We need to trace down what account is sending a volume of messages. Tried hunting the logs and the x- headers, but those show only localhost6, so my assumption is that webmail is being used to transmit those but I can't seem to link the outgoing mail to a given user.

Is it possible to show who is sending emails or at least trace it down?

Thanks,
--Christian

version: Zimbra Community Server 6.0.4

[raj]

Quote:

tail -n 1000000 /var/log/maillog | grep "sasl_username=" > smtpauthlogins.txt

above will spit out the "smtpauthlogins.txt" open it and see which user's name (sasl_username=USER_NAME) is repeating the most, that dude has a virus infected outlook or spammer got hold of his simple password and relaying SPAM by using SMTP AUTH

change the password for that user asap.

Raj