>192.168.10.xxx, [192.168.10.xxx], 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, 192.168.10.yyy, 0, 20, 319, 250, 0, EHLO, -, [192.168.10.xxx],
>
>192.168.10.xxx, [192.168.10.xxx], 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, 192.168.10.yyy 15, 10, 76, 240, 31, QUIT, -, [192.168.10.xxx],
>
>216.165.174.5, OutboundConnectionResponse, 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, -, 750, 0, 103, 0, 0, -, -, 250 2.6.0
>-----end-----
>(I've altered the ip's to protect the innocent...)

The irony here is, you altered the private IP range addresses, which there is no need to bother, but left the public range IP address in the clear. Anything in the 192.168.x.x range you don't have to worry about masking because they are not accessible from anyone off your private network.

>Notice that I got an
>"EHLO" followed by a "QUIT" and then another outside IP started talking
>to the server. This may be reasonable, since the server is not
>recognizing my "authentication". But it seems strange, nevertheless.

This was done with Emailer?!? That shouldn't be right. Are you sure you are looking at the correct log entries? Are you sure the server is responding correctly? For Emailer to issue the EHLO followed by a QUIT means it didn't get a reply it understood (and in fact, your logs indicate no reply was given at all). I just tried telnetting to it, and got no reply to EHLO or HELO. That server ain't right.

>Now, looking through the same log, I noticed this entry:
>-----begin-----
>216.165.174.5, OutboundConnectionCommand, 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, -, 63, 0, 4, 0, 0, EHLO, -, DURANDAL.pecandeluxe.local,
>
>216.165.174.5, OutboundConnectionResponse, 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, -, 156, 0, 30, 0, 0, -, -, 500 5.3.3 Unrecognized command,
>
>216.165.174.5, OutboundConnectionCommand, 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, -, 156, 0, 4, 0, 0, HELO, -, DURANDAL.pecandeluxe.local,
>
>216.165.174.5, OutboundConnectionResponse, 9/29/2005, 10:06:23, SMTPSVC1,
>DURANDAL, -, 234, 0, 56, 0, 0, -, -, 250 mail.clasenqualitycoatings.com
>-----end-----
>Note that "EHLO" is followed by a "500 5.3.3 Unrecognized command". Could
>it be that Exchange doesn't do "EHLO"? Seems plausible because the very
>next line is a "HELO" from the same IP and it is greeted with a "250"
>response.

Again, this was done with Emailer?!? Again, that shouldn't be right. Emailer doesn't retry the welcome command.
Nor can Emailer change which command it is using (normal Emailer doesn't even know the EHLO command exists, and my SMTP Auth hacked version doesn't know the HELO command exists). If you are seeing that in the logs, it wasn't from a connection made by any version of Emailer 2.x, hacked or unhacked.

Are you running some kind of a mail proxy? Something that is getting between Emailer and your mail server and is possibly screwing up the connection?

I can say from the outside world your backup server (bigbrother) is NOT SIMS like you said it was... or if it is, it is broken. And from the outside world, your main server (assuming the settings you said before were accurate and it is smtp.pecandeluxe.com) doesn't point to your Exchange server. It points to a Yahoo server (do a DNS lookup on it). And it also doesn't reply to a connection attempt from the outside.

Going further with this, durandal.pecandeluxe.com is mapped to the same IP address that bigbrother.pecandeluxe.com is mapped to. Telnet to it and have a look, something is not right with that server (at least not from the outside), the connection response is all screwed up. When I tried going to bigbrother.pecandeluxe.com the other day, it at least replied to the HELO as valid (gave me a sequence just like your 2nd log listing).

Methinks your problems are not so much with Emailer talking to Exchange as they may be with DNS records being wrong, or something else being screwy on your setup. If you can give more details as to how exactly your mail is set up for inside and outside access, then maybe I can help more to get to the bottom of it. But from what I can see so far, Emailer is NOT the one generating the logs you are seeing on the 2nd logs, although it may be on the first logs, but if it is, it is doing it because your server isn't responding at all.

>So, is there a way to make Exchange accept the "EHLO" command as well as
>the "HELO"? Or is this all just a rabbit trail?

I'd dig a little deeper into how things are set up. Something isn't right, either it isn't the way you think it is, or you have been way too vague or misleading with how things are in your postings here.

If you have security concerns, I'm happy to take this offlist so you don't have to share details with the whole world.

-chris
<http://www.mythtech.net>
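
Added example, not part of the original post and not code from Emailer or Exchange: a small Python parser for the log format quoted in the thread, separating inbound client verbs from the server's own outbound greetings. It assumes (the thread does not state it) that entries whose second field is OutboundConnectionCommand or OutboundConnectionResponse record sessions the logging server opened to a remote host; the function names and the joined-up sample lines are constructed here.

```python
OUT_CMD, OUT_RSP = "OutboundConnectionCommand", "OutboundConnectionResponse"

# Constructed sample: the entries quoted in the thread, each wrapped entry
# joined back onto one line, in the order they appear on the page.
SAMPLE = """\
192.168.10.xxx, [192.168.10.xxx], 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, 192.168.10.yyy, 0, 20, 319, 250, 0, EHLO, -, [192.168.10.xxx],
192.168.10.xxx, [192.168.10.xxx], 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, 192.168.10.yyy 15, 10, 76, 240, 31, QUIT, -, [192.168.10.xxx],
216.165.174.5, OutboundConnectionResponse, 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, -, 750, 0, 103, 0, 0, -, -, 250 2.6.0
216.165.174.5, OutboundConnectionCommand, 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, -, 63, 0, 4, 0, 0, EHLO, -, DURANDAL.pecandeluxe.local,
216.165.174.5, OutboundConnectionResponse, 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, -, 156, 0, 30, 0, 0, -, -, 500 5.3.3 Unrecognized command,
216.165.174.5, OutboundConnectionCommand, 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, -, 156, 0, 4, 0, 0, HELO, -, DURANDAL.pecandeluxe.local,
216.165.174.5, OutboundConnectionResponse, 9/29/2005, 10:06:23, SMTPSVC1, DURANDAL, -, 234, 0, 56, 0, 0, -, -, 250 mail.clasenqualitycoatings.com
"""

def parse(line):
    """Split one entry. Verb and reply text are read from the END of the
    record, so a damaged middle field (see the QUIT line) does not shift them."""
    f = [x.strip() for x in line.rstrip().rstrip(",").split(",")]
    if len(f) < 12:
        return None
    direction = {OUT_CMD: "out-cmd", OUT_RSP: "out-rsp"}.get(f[1], "inbound")
    return {"peer": f[0], "dir": direction, "verb": f[-3], "text": f[-1]}

def ehlo_fallbacks(log_text):
    """Peers that refused this server's outbound EHLO and then accepted HELO."""
    pending, refused, found = {}, set(), []
    for rec in filter(None, map(parse, log_text.splitlines())):
        peer = rec["peer"]
        if rec["dir"] == "out-cmd":
            pending[peer] = rec["verb"].upper()     # command awaiting its reply
        elif rec["dir"] == "out-rsp":
            cmd, code = pending.pop(peer, None), rec["text"][:1]
            if cmd == "EHLO" and code == "5":
                refused.add(peer)
            elif cmd == "HELO" and code == "2" and peer in refused:
                refused.discard(peer)
                found.append(peer)
    return found

def inbound_verbs(log_text):
    """(peer, verb) for every entry logged for an inbound client session."""
    recs = filter(None, map(parse, log_text.splitlines()))
    return [(r["peer"], r["verb"]) for r in recs if r["dir"] == "inbound"]

if __name__ == "__main__":
    print("EHLO refused, HELO accepted by:", ehlo_fallbacks(SAMPLE))
    print("inbound verbs:", inbound_verbs(SAMPLE))
```

On the sample, the EHLO/500/HELO/250 sequence is attributed to an outbound session with 216.165.174.5, while the only inbound verbs are the EHLO and QUIT from 192.168.10.xxx.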

