AUTHRELAY Alert for xxx

pnode

Hello all,

From time to time I am receiving mails like the one below:

Time: Mon Feb 9 16:55:52 2015 +0200
Type: AUTHRELAY, Remote IP - 162.243.39.229 (US/United States/workingnurse.com)
Count: 101 emails relayed
Blocked: No

Sample of the first 10 emails:

2015-02-09 16:14:06 1YKp6D-0007Q2-Nh <= [email protected] H=workingnurse.com (www.workingnurse.com) [162.243.39.229] P=esmtpa A=login:xxxxxxx S=1182 [email protected] T="Vous avez recu un fichier" from <[email protected]> for xxxxxx

and so on.

How to prevent this?
Also, is this a big deal for us?
I believe yes :confused:
 
These warnings can be disabled in the DirectAdmin control panel. On our system it can be found at Admin Level->Extra Features->ConfigServer Firewall&Security. Then click Firewall Configuration and look for the section titled Relay Tracking.

It is telling you that someone sent more than 100 authenticated emails through your server from a device with the IP address 162.243.39.229. If that device is owned by one of your users it may be legitimate. If you don't recognize that IP address and the emails going out seem fishy, then most likely an email account on your system has had its password compromised and someone is using it to send spam (or worse) through your server. If that is the case you should change that user's password immediately. I believe you will find that the compromised account is listed in your log entry; it looks like when you pasted it you replaced it with "xxxxxxx".
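An added example, not part of the original thread and not ConfigServer's code: a small Python script that counts authenticated arrivals per `A=` login and remote IP in Exim main log text, which shows the account whose password needs resetting. The sample log lines, addresses and the limit of 2 are constructed for the demonstration; the alert above used a limit of 100.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main log format. Addresses, message IDs and
# IPs are made up (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
2015-02-09 16:14:06 1YKp6D-0007Q2-Nh <= info@example.com H=host.example.net (www.example.net) [192.0.2.10] P=esmtpa A=login:info@example.com S=1182 T="Subject one" for a@example.org
2015-02-09 16:14:09 1YKp6G-0007Q5-Ab <= info@example.com H=host.example.net (www.example.net) [192.0.2.10] P=esmtpa A=login:info@example.com S=1190 T="Subject one" for b@example.org
2015-02-09 16:14:11 1YKp6I-0007Q9-Cd <= info@example.com H=host.example.net (www.example.net) [192.0.2.10] P=esmtpa A=login:info@example.com S=1175 T="Subject one" for c@example.org
2015-02-09 16:20:41 1YKpCb-0007Zz-Ef <= bob@example.com H=(laptop) [198.51.100.7] P=esmtpsa A=plain:bob@example.com S=2310 T="Meeting" for d@example.org
2015-02-09 16:21:02 1YKpCw-0007a3-Gh <= remote@example.org H=mx.example.org [198.51.100.25] P=esmtp S=4021 T="Inbound" for info@example.com
2015-02-09 16:21:05 1YKpCw-0007a3-Gh => info <info@example.com> R=virtual_user T=virtual_localdelivery
"""

# A message arrival ("<=") that carries an A=<authenticator>:<id> field,
# i.e. mail submitted over authenticated SMTP. Unauthenticated inbound mail
# and delivery lines ("=>") do not match.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ .*?\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*? A=(?P<auth>\w+):(?P<account>\S+)"
)


def count_auth_relays(log_text):
    """Count authenticated arrivals per (account, remote IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            counts[(m["account"], m["ip"])] += 1
    return counts


def over_limit(counts, limit):
    """Return (account, ip, count) for pairs above limit, busiest first."""
    return [(acct, ip, n) for (acct, ip), n in counts.most_common() if n > limit]


if __name__ == "__main__":
    for account, ip, n in over_limit(count_auth_relays(SAMPLE_LOG), limit=2):
        print(f"{n} authenticated mails as {account} from {ip}")
```

Feeding it the real main log instead of `SAMPLE_LOG` lists every login and source IP pair above the chosen limit, so an unfamiliar IP next to a known account stands out.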
 