Baseline is, there is or has been a user "jon" usable for SMTP AUTH as you have shown by the log entry:
Oct 5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0
Alexander
Hi Alexander
well the user jon has been deleted along with the entire domain the user was in, and they are still relaying, also how is the user jon@xxxxx.co.uk getting Authorised when that user does not exist. These are a couple of the latest successful relays from the logs.
Oct 5 17:45:51 www sendmail[32567]: AUTH=server, relay=31-202-20-171-kh.maxnet.ua [31.202.20.171] (may be forged), authid=jon, mech=LOGIN, bits=0 Oct 5 19:47:23 www sendmail[20547]: AUTH=server, relay=[178.126.88.216], authid=jon@xxxxxxx.co.uk, mech=LOGIN, bits=0
it shows an example of both of the users that are being accepted. I just am not sure how, when I am fairly sure they don't actually exist.
Paul.