We've got a locked-down public IMail server where anyone can register for a free email, but all users have to authenticate before relaying mail.

We've also got Declude with HiJack in order to stop spammers from using our system.

But somehow we've got registered users sending hundreds of messages through us and bypassing HiJack.

Why isn't the email being trapped by HiJack?

Here's an example from the logs where the user [EMAIL PROTECTED] is sending spam:
03:26 15:25 SMTP-(00000B6C) 250-mailhost.gscpa.org Hello [208.253.112.168]
03:26 15:25 SMTP-(00000B6C) 250-TURN
03:26 15:25 SMTP-(00000B6C) 250-ATRN
03:26 15:25 SMTP-(00000B6C) 250-SIZE
03:26 15:25 SMTP-(00000B6C) 250-ETRN
03:26 15:25 SMTP-(00000B6C) 250-PIPELINING
03:26 15:25 SMTP-(00000B6C) 250-DSN
03:26 15:25 SMTP-(00000B6C) 250-ENHANCEDSTATUSCODES
03:26 15:25 SMTP-(00000B6C) 250-8bitmime
03:26 15:25 SMTP-(00000B6C) 250-BINARYMIME
03:26 15:25 SMTP-(00000B6C) 250-CHUNKING
03:26 15:25 SMTP-(00000B6C) 250-VRFY
03:26 15:25 SMTP-(00000B6C) 250-X-EXPS GSSAPI NTLM LOGIN
03:26 15:25 SMTP-(00000B6C) 250-X-EXPS=LOGIN
03:26 15:25 SMTP-(00000B6C) 250-AUTH GSSAPI NTLM LOGIN
03:26 15:25 SMTP-(00000B6C) 250-AUTH=LOGIN
03:26 15:25 SMTP-(00000B6C) 250-X-LINK2STATE
03:26 15:25 SMTP-(00000B6C) 250-XEXCH50
03:26 15:25 SMTP-(00000B6C) 250 OK
03:26 15:25 SMTP-(00000B6C) >MAIL FROM:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000254) 354 go ahead
03:26 15:25 SMTP-(00000BA8) 354 START MAIL INPUT, END WITH "." ON A LINE BY ITSELF
03:26 15:25 SMTP-(00000254) >.
03:26 15:25 SMTP-(00000BA8) >.
03:26 15:25 SMTP-(00000B6C) 250 2.1.0 [EMAIL PROTECTED] OK
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(000009B8) Connect mailbox.co.za [196.31.150.75:25] (1)
03:26 15:25 SMTP-(000007F0) Trying unsubscribe.myfamily.com (0)
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000BA8) 250 OK
03:26 15:25 SMTP-(00000BA8) rdeliver aol.com [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 6670
03:26 15:25 SMTP-(00000BA8) >QUIT
03:26 15:25 SMTP-(00000BA8) 221 SERVICE CLOSING CHANNEL
03:26 15:25 SMTP-(00000BA8) finished d:\IMail\spool\Qe18d009a0078d0bf.SMP status=1
03:26 15:25 SMTP-(00000BA8) d:\IMail\spool\Qed8300a000a68876.SMP
03:26 15:25 SMTP-(00000BA8) processing d:\IMail\spool\Qed8300a000a68876.SMP
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000BA8) Trying earthlink.net (0)
03:26 15:25 SMTP-(000007F0) Connect unsubscribe.myfamily.com [63.92.86.131:25] (1)
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000BA8) Connect earthlink.net [207.217.120.79:25] (1)
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >DATA
03:26 15:25 SMTP-(00000B6C) 354 Start mail input; end with <CRLF>.<CRLF>
03:26 15:25 SMTP-(00000B6C) >.
03:26 15:25 SMTP-(00000B6C) 250 2.6.0 <[EMAIL PROTECTED]> Queued mail for delivery
03:26 15:25 SMTP-(00000B6C) rdeliver gscpa.org multiple (5) [EMAIL PROTECTED] 2595
03:26 15:25 SMTP-(00000B6C) >QUIT
03:26 15:25 SMTP-(00000B6C) 221 2.0.0 mailhost.gscpa.org Service closing transmission channel
03:26 15:25 SMTP-(00000B6C) Connect gscpa.org [216.230.88.131:25] (1)
03:26 15:25 SMTP-(00000B6C) 220 mailhost.gscpa.org Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Wed, 26 Mar 2003 15:25:25 -0500
03:26 15:25 SMTP-(00000B6C) >EHLO richmond.com
03:26 15:25 SMTP-(00000B6C) 250-mailhost.gscpa.org Hello [208.253.112.168]
03:26 15:25 SMTP-(00000B6C) 250-TURN
03:26 15:25 SMTP-(00000B6C) 250-ATRN
03:26 15:25 SMTP-(00000B6C) 250-SIZE
03:26 15:25 SMTP-(00000B6C) 250-ETRN
03:26 15:25 SMTP-(00000B6C) 250-PIPELINING
03:26 15:25 SMTP-(00000B6C) 250-DSN
03:26 15:25 SMTP-(00000B6C) 250-ENHANCEDSTATUSCODES
03:26 15:25 SMTP-(00000B6C) 250-8bitmime
03:26 15:25 SMTP-(00000B6C) 250-BINARYMIME
03:26 15:25 SMTP-(00000B6C) 250-CHUNKING
03:26 15:25 SMTP-(00000B6C) 250-VRFY
03:26 15:25 SMTP-(00000B6C) 250-X-EXPS GSSAPI NTLM LOGIN
03:26 15:25 SMTP-(00000B6C) 250-X-EXPS=LOGIN
03:26 15:25 SMTP-(00000B6C) 250-AUTH GSSAPI NTLM LOGIN
03:26 15:25 SMTP-(00000B6C) 250-AUTH=LOGIN
03:26 15:25 SMTP-(00000B6C) 250-X-LINK2STATE
03:26 15:25 SMTP-(00000B6C) 250-XEXCH50
03:26 15:25 SMTP-(00000B6C) 250 OK
03:26 15:25 SMTP-(00000B6C) >MAIL FROM:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(000008CC) Connect ou.edu [129.15.2.47:25] (1)
03:26 15:25 SMTP-(00000254) 250 ok dirdel
03:26 15:25 SMTP-(00000254) rdeliver yahoo.com [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 1460
03:26 15:25 SMTP-(00000254) >QUIT
03:26 15:25 SMTP-(00000B6C) 250 2.1.0 [EMAIL PROTECTED] OK
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000254) 221 mta111.mail.scd.yahoo.com
03:26 15:25 SMTP-(00000254) finished d:\IMail\spool\Q01ac006800ac48cd.SMP status=1
03:26 15:25 SMTP-(00000254) d:\IMail\spool\Q02500086004cc75a.SMP
03:26 15:25 SMTP-(00000254) processing d:\IMail\spool\Q02500086004cc75a.SMP
03:26 15:25 SMTP-(00000254) Trying whitlock.com (0)
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]>
03:26 15:25 SMTP-(00000254) Connect whitlock.com [209.48.126.252:25] (1)
03:26 15:25 SMTP-(00000B6C) 250 2.1.5 [EMAIL PROTECTED]
03:26 15:25 SMTP-(00000B6C) >RCPT To:<[EMAIL PROTECTED]
Any help or guidance would be greatly appreciated.

Thanks.

b
Brian Cunningham
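
Added example, not part of the original post: a Python pass over a log in the layout shown above that separates the interleaved sessions by the thread id in parentheses and totals delivered recipients per envelope sender. It assumes lines starting with `>` are commands the logging server sent and that the number in parentheses on an `rdeliver` line is the recipient count; the sample lines, the placeholder addresses and the `limit` parameter are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the posted excerpt; every address and
# host is a placeholder, not a value from the original log.
SAMPLE_LOG = """\
03:26 15:25 SMTP-(00000B6C) >MAIL FROM:<sender@example.test>
03:26 15:25 SMTP-(00000254) 354 go ahead
03:26 15:25 SMTP-(00000B6C) >RCPT To:<a@example.net>
03:26 15:25 SMTP-(00000254) >.
03:26 15:25 SMTP-(00000B6C) >RCPT To:<b@example.net>
03:26 15:25 SMTP-(00000254) rdeliver example.org c@example.org (1) <sender@example.test> 1460
03:26 15:25 SMTP-(00000B6C) >RCPT To:<d@example.net>
03:26 15:25 SMTP-(00000B6C) >DATA
03:26 15:25 SMTP-(00000B6C) rdeliver example.net multiple (3) sender@example.test 2595
"""

LINE_RE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTP-\(([0-9A-Fa-f]{8})\) (.*)$")
# rdeliver <domain> <recipient|multiple> (<count>) <sender> <number>
RDELIVER_RE = re.compile(r"^rdeliver \S+ \S+ \((\d+)\) <?([^<>\s]+)>? \d+$")

def outbound_transactions(log_text):
    """De-interleave by thread id; return one dict per delivered message."""
    open_tx, done = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated line
        thread, text = m.groups()
        upper = text.upper()
        if upper.startswith(">MAIL FROM:"):
            sender = text.split(":", 1)[1].strip().strip("<>")
            open_tx[thread] = {"thread": thread, "sender": sender, "rcpts": 0}
        elif upper.startswith(">RCPT TO:") and thread in open_tx:
            open_tx[thread]["rcpts"] += 1
        elif (d := RDELIVER_RE.match(text)):
            # Prefer RCPTs counted on this thread; fall back to the logged
            # count when the MAIL FROM fell outside the excerpt.
            tx = open_tx.pop(thread, None) or {
                "thread": thread, "sender": d.group(2), "rcpts": int(d.group(1))}
            done.append(tx)
    return done  # transactions with no rdeliver line are not counted

def recipients_per_sender(log_text):
    totals = defaultdict(int)
    for tx in outbound_transactions(log_text):
        totals[tx["sender"]] += tx["rcpts"]
    return dict(totals)

def over_limit(log_text, limit):
    """Senders whose delivered recipient total exceeds `limit` (hypothetical)."""
    return sorted(s for s, n in recipients_per_sender(log_text).items() if n > limit)
```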
