SurgeMail Archive: Re: [SurgeMail List] re: Spam somehow being sent out

Subject:	Re: [SurgeMail List] re: Spam somehow being sent out
From:	Steve
Date:	18-Dec-2011
There we go. The regular msg log was not showing this. Thanks I found the culprit! On 12/18/2011 5:24 PM, Support wrote: Signature To see the authenticated sender you need to find the 'Received' log entries in msg*.rec that will show you why a message is being relayed, and if authenticated what user us compromized. ChrisP. Logs show it coming FROM an outside IP from our ISP using ESMTP and sending out. No mention of authentication, and I have relaying enabled ONLY for some private 10.x.x.x ip's and a few of our public ip's. Someone someone is able to relay through our server. Most of our customers are being forced to smtp auth to send email through our server. So we've been placed on some blacklists Here you can see some don't work and some actually get through. 16 12:48:57[1960776] Later 197.255.164.39 <josevaldo13@bolivia.com> <26avarassa@trt05.gov.br> 0 "DNS lookup failed (dns=72.38.238.90 dom=trt05.gov.br) blank response" 16 12:48:57[1960776] Later 197.255.164.39 <josevaldo13@bolivia.com> <27avarassa@trt05.gov.br> 0 "DNS lookup failed (dns=72.38.238.90 dom=trt05.gov.br) blank response" 16 12:48:57[1960776] Later 197.255.164.39 <josevaldo13@bolivia.com> <28avarassa@trt05.gov.br> 0 "DNS lookup failed (dns=72.38.238.90 dom=trt05.gov.br) blank response" 16 12:48:57[1960776] Later 197.255.164.39 <josevaldo13@bolivia.com> <29avarassa@trt05.gov.br> 0 "DNS lookup failed (dns=72.38.238.90 dom=trt05.gov.br) blank response" 16 12:50:02[1960875] Later 197.255.164.39 <josevaldo13@bolivia.com> <agustavo@phelpsdodge.com> 0 "Open (74.117.114.97) Error 189sec (399 TCP Read failed (Connection timed out after 0 seconds) 0 sec)" 16 12:50:05[1960875] Sent 197.255.164.39 <josevaldo13@bolivia.com> <ahernandez@mascomex.com.mx> 0 "Delivered to remote host 148.243.170.194" 16 12:50:23[1960774] Later 197.255.164.39 <josevaldo13@bolivia.com> <06vfci@jfes.trf2.gov.br> 0 "Open (189.23.159.135) Error 189sec (399 TCP Read failed (Connection timed out after 0 seconds) 0 sec)" 16 12:50:23[1960774] Later 197.255.164.39 <josevaldo13@bolivia.com> <05vfci@jfes.trf2.gov.br> 0 "Open (189.23.159.135) Error 189sec (399 TCP Read failed (Connection timed out after 0 seconds) 0 sec)" 16 12:50:31[1960815] Later 197.255.164.39 <josevaldo13@bolivia.com> <absilva@tcasa.com> 0 "Open (211.106.65.116) Error 189sec (399 TCP Read failed (Connection timed out after 0 seconds) 0 sec)" None of these users or IP's exist on my network. Anyone know how he's able to do this? Is this a known bug (I do have an older version of Surgemail ChrisP Sent with YesImOnline email client http://yesimonline.com/yes (free client)

archive-list@netwin_co_nz mailing list Archive Index

Previous Message | Next Message


Search website: