Hi,
My question is part Declude JM and part IMail
but I assumed this would be the best place.
A student gets a funny mail from a user claiming to
be [EMAIL PROTECTED]. This e-mail address
does not exist. Having a look at the logs it seems this message was created by
IMail1.exe so it probably was a user using the webinterface, which covers about
90% of our userbase. :-( If it was indeed a user using the
webinterface, how was that user able to change the "from" address as there
is no field for it in the web interface. As we do not log the webinterface
usage, I have just changed that, I don't know who was logged it at that
time.
Which log do I need to enable to find out which
user sent this message, wil just enabling the log for the webinterface be
enough?
The option "Ignore source address in security
check" is enabled, should I disable this? Why is that option in IMail at all, it
this a common problem?
What is really puzzling it that at the same time
there is a gap in the log for Declude JM. The Imail log and the Declude virus
log show this message being parsed but the JM part never saw it. Nor did it see
several messages after that. There is a gap of almost 2 minutes in the JM log.
Anybody any idea what happened, what would cause something like
this?
I'm using IMail 8.03 and Declude 1.75
Declude virus LogLevel MID
Declude JM LogLevel LOW
log1127:
20031127 091726 127.0.0.1 SMTP (03CC01FA) finished C:\IMail\spool\Qb314003e011cf42d.SMD status=1 20031127 091728 127.0.0.1 SMTP (03CC01FB) processing C:\IMail\spool\Q31afc5b0770.GSC 20031127 091728 127.0.0.1 SMTP (03CC01FB) ERR tio.nl not local mondeling from <[EMAIL PROTECTED]> 20031127 091728 127.0.0.1 SMTP (03CC01FB) Creating message from Postmaster 20031127 091728 127.0.0.1 SMTP (03D00049) processing C:\IMail\spool\Q03cc01fb06fa.GSE 20031127 091728 127.0.0.1 SMTP (03CC01FB) finished C:\IMail\spool\Q31afc5b0770.GSC status=2 20031127 091728 127.0.0.1 SMTP (03D00049) ldeliver student.tio.nl r.modderman-main (1) 1234 20031127 091728 127.0.0.1 SMTP (03D00049) finished C:\IMail\spool\Q03cc01fb06fa.GSE status=1 20031127 091732 127.0.0.1 SMTP (03CC01FC) processing C:\IMail\spool\Q31b0d3403c8.GSC [......] 20031127 091914 127.0.0.1 SMTPD (005C00AC) [212.61.73.64] C:\IMail\spool\Db381005c00aca037.SMD 4402 20031127 091916 127.0.0.1 SMTP (03CC0200) processing C:\IMail\spool\Qb381005c00aca037.SMD vir1127: 11/27/2003 09:17:25 Qb314003e011cf42d Scanned: Virus Free [MIME: 2 1625] 11/27/2003 09:17:27 Q31afc5b0770 Scanned: Virus Free [MIME: 1 246] 11/27/2003 09:17:31 Q31b0d3403c8 Scanned: Virus Free [MIME: 1 235] dec1127:
11/27/2003 09:17:26 Qb314003e011cf362 L1 Message OK 11/27/2003 09:17:26 Qb314003e011cf362 L2 Message OK 11/27/2003 09:17:26 Qb314003e011cf42d L1 Message OK 11/27/2003 09:17:26 Qb314003e011cf42d L2 Message OK 11/27/2003 09:19:04 Qb376005200fc75dc L1 Message OK 11/27/2003 09:19:10 Qb37b005900ac8608 L1 Message OK 11/27/2003 09:19:16 Qb381005c00aca037 L1 Message OK Groetjes, Bonno Bloksma
.... Back up my hard drive? How do I put it in reverse? |