I have some very strange activity going on with one of my SendMail servers and was hoping that someone here might know what is going on with it.

This morning my CFO, CIO and CEO all got the same email (SPAM) which is not so unusual. What IS unusual is the addresses it was sent to. They are coming from one of my SendMail servers that doesn't resolve to the outside world using email addresses that don't exist. I looked at the extended headers in the email and they are showing the addresses being sent to as Allergy@smtpserver.mycompany.com Pain.Relief@smtpserver.mycompany.com and Skin.Care@smtpserver.mycompany.com .... but a look in the SendMail logs show they are actually going to ceo@mycompany.com cfo@mycompany.com and cio@mycompany.com. The From address is not spoofed in either the headers or the SendMail log, at least as far as I can tell.

So I'm wondering how they are suppressing the actual email addy, even in the headers, and also how they are sending to my server that isn't seen from the outside. Now this IS an older version of SendMail, (sun version) 8.11.6 running on Solaris 7 and it will be replaced in the next couple of days with the latest SendMail version and Solaris 9. But since this involved the higher ups in the company it's become a bit of a "hot" item and they want me to figure out why it's happening like this and if there is anything we can do to stop it in the meantime.

I can provide more detailed logs and headers if requested, but I will have to edit them to remove actual names, etc. as I'm a little wary of giving this information out to everyone

Thanks in advance for any information you folks can provide on this.