> Baseline is, there is or has been a user "jon" usable for SMTP AUTH as > you have shown by the log entry: > > Oct 5 15:17:53 www sendmail[6972]: AUTH=server, > relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), > authid=jon, mech=LOGIN, bits=0 > > Alexander > Hi Alexander well the user jon has been deleted along with the entire domain the user was in, and they are still relaying, also how is the user jon at xxxxx.co.uk getting Authorised when that user does not exist. These are a couple of the latest successful relays from the logs. Oct 5 17:45:51 www sendmail[32567]: AUTH=server, relay=31-202-20-171-kh.maxnet.ua [31.202.20.171] (may be forged), authid=jon, mech=LOGIN, bits=0 Oct 5 19:47:23 www sendmail[20547]: AUTH=server, relay=[178.126.88.216], authid=jon at xxxxxxx.co.uk, mech=LOGIN, bits=0 it shows an example of both of the users that are being accepted. I just am not sure how, when I am fairly sure they don't actually exist. Paul.