This could be due to the Auto-deny hack attempts
which will add the IP of the offending connection to the Control Access list in
memory.
Eric S
----- Original Message -----
Sent: Thursday, January 12, 2006 8:03 AM
Subject: [IMail Forum] access control listing
We're having problems with a customer who has
offices in the US and the Netherlands. The Netherlands offices have their own
mail server and it keeps getting on our access control list. Here's a log
excerpt:
01:12 06:03 SMTPD(379701470000092b) [65.112.155.254] connect 70.89.69.125 port 1056
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] EHLO asyusa
01:12 06:03 SMTPD(379701470000092b) Authenticated [EMAIL PROTECTED], session treated as local.
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] MAIL FROM:<[EMAIL PROTECTED]>
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] RCPT TO:<[EMAIL PROTECTED]>
01:12 06:03 SMTPD(379701470000092b) [x] looking up amalgamated.com in HOSTS
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] RCPT TO:<[EMAIL PROTECTED]>
01:12 06:03 SMTPD(379701470000092b) [x] looking up amalgamated.com in HOSTS
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] RCPT TO:<[EMAIL PROTECTED]>
01:12 06:03 SMTPD(379701470000092b) [x] looking up amalgamated.com in HOSTS
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] RCPT TO:<[EMAIL PROTECTED]>
01:12 06:03 SMTPD(379701470000092b) [x] looking up asysco.com in HOSTS
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] RCPT TO:<[EMAIL PROTECTED]>
01:12 06:03 SMTPD(379701470000092b) [x] looking up asyscousa.com in HOSTS
01:12 06:03 SMTPD(379801980000092c) [65.112.155.254] connect 221.15.240.241 port 2525
01:12 06:03 SMTPD(379701470000092b) [70.89.69.125] c:\IMail\spool\D379701470000092b.SMD 1657
01:12 06:03 SMTP-(379701470000092b) processing c:\IMail\spool\Q379701470000092b.SMD
01:12 06:03 SMTP-(379701470000092b) ldeliver AsyscoUSA.com r.v.leeuwen-main (1) [EMAIL PROTECTED] 2016
01:12 06:03 SMTP-(379701470000092b) Trying asysco.com (0)
01:12 06:03 SMTP-(379701470000092b) 220 ************************************************************************************************2*****200***2*0******0*00
01:12 06:03 SMTP-(379701470000092b) Connect asysco.com [217.166.73.211:25] (1)
01:12 06:03 SMTP-(379701470000092b) >EHLO PINE.MATROSITY.COM
01:12 06:03 SMTP-(379701470000092b) 500 asyisa.asysco.local: unknown command.
01:12 06:03 SMTP-(379701470000092b) >HELO PINE.MATROSITY.COM
01:12 06:03 SMTP-(379701470000092b) 250 asyisa.asysco.local Hello [65.112.155.254]
01:12 06:03 SMTP-(379701470000092b) >MAIL FROM:<[EMAIL PROTECTED]>
01:12 06:03 SMTP-(379701470000092b) 250 <[EMAIL PROTECTED]>: Sender Ok
01:12 06:03 SMTP-(379701470000092b) >RCPT To:<[EMAIL PROTECTED]>
01:12 06:03 SMTP-(379701470000092b) 250 <[EMAIL PROTECTED]>: Recipient Ok
01:12 06:03 SMTP-(379701470000092b) >DATA
01:12 06:03 POP3D (0503A78A) logon success for jeffl waterfront-properties.com from 66.107.86.203
01:12 06:03 SMTP-(379701470000092b) 354 asyisa.asysco.local: Send data now. Terminate with "."
01:12 06:03 SMTP-(379701470000092b) >.
01:12 06:03 SMTP-(379701470000092b) 250 asyisa.asysco.local: Message accepted for delivery
01:12 06:03 SMTP-(379701470000092b) rdeliver asysco.com [EMAIL PROTECTED] (1) [EMAIL PROTECTED] 2016
01:12 06:03 SMTP-(379701470000092b) >QUIT
01:12 06:03 SMTPD(379a01fa0000092e) [65.112.155.254] connect 211.242.91.162 port 3034
01:12 06:03 SMTP-(379701470000092b) 221 asyisa.asysco.local closing connection. Goodbye!
01:12 06:03 SMTP-(379701470000092b) Trying amalgamated.com (0)
01:12 06:03 SMTP-(379701470000092b) 220 server2.amalgamated.com SMTP; Thu, 12 Jan 2006 06:03:53 -0500
01:12 06:03 SMTP-(379701470000092b) Connect amalgamated.com [65.206.12.69:25] (1)
01:12 06:03 SMTP-(379701470000092b) >EHLO PINE.MATROSITY.COM
01:12 06:03 SMTP-(379701470000092b) 250 server2.amalgamated.com Hello
01:12 06:03 SMTP-(379701470000092b) >MAIL FROM:<[EMAIL PROTECTED]>
01:12 06:03 SMTP-(379701470000092b) 250 <[EMAIL PROTECTED]>... Sender ok
01:12 06:03 SMTP-(379701470000092b) >RCPT To:<[EMAIL PROTECTED]>
01:12 06:03 SMTP-(379701470000092b) 250 <[EMAIL PROTECTED]>... Recipient ok
01:12 06:03 SMTP-(379701470000092b) >RCPT To:<[EMAIL PROTECTED]>
01:12 06:03 SMTP-(379701470000092b) 250 <[EMAIL PROTECTED]>... Recipient ok
01:12 06:03 SMTP-(379701470000092b) >RCPT To:<[EMAIL PROTECTED]>
01:12 06:03 SMTP-(379701470000092b) 250 <[EMAIL PROTECTED]>... Recipient ok
01:12 06:03 SMTP-(379701470000092b) >DATA
01:12 06:03 SMTP-(379701470000092b) 354 Enter mail, end with "." on a line by itself
01:12 06:03 SMTP-(379701470000092b) >.
01:12 06:03 SMTP-(379701470000092b) 250 M2006011206035329084 Message accepted for delivery
01:12 06:03 SMTP-(379701470000092b) rdeliver amalgamated.com multiple (3) [EMAIL PROTECTED] 2016
01:12 06:03 SMTP-(379701470000092b) >QUIT
01:12 06:03 SMTPD(378f00ae00000928) [221.2.178.125] HELO -1214022840
01:12 06:03 SMTP-(379701470000092b) 221 server2.amalgamated.com closing connection.
01:12 06:03 SMTP-(379701470000092b) finished c:\IMail\spool\Q379701470000092b.SMD status=1
Right after this they get:
01:12 06:04 SMTPD(37bf01fa00000959) Denied access from 217.166.73.211
I can't figure out why they're getting listed? The logs don't even show the familiar
line:
01:12 06:35 SMTPD(3f01019300001010) [210.213.143.191] max errors exceeded, address will be denied future connections for 1440
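
A log triage sketch for the question in this thread, added here and not part of the original messages or of IMail itself: for every "Denied access from" line it reports whether an earlier "max errors exceeded" line exists for that IP and whether the same IP was a host the server had delivered mail to. The sample log is constructed from line shapes shown in the post (the final "Denied access" line for 210.213.143.191 is an assumption added for contrast), and `triage_denials` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown in the post.
SAMPLE_LOG = """\
01:12 06:03 SMTP-(379701470000092b) Connect asysco.com [217.166.73.211:25] (1)
01:12 06:03 SMTP-(379701470000092b) 500 asyisa.asysco.local: unknown command.
01:12 06:04 SMTPD(37bf01fa00000959) Denied access from 217.166.73.211
01:12 06:35 SMTPD(3f01019300001010) [210.213.143.191] max errors exceeded, address will be denied future connections for 1440
01:12 06:36 SMTPD(3f02019300001011) Denied access from 210.213.143.191
"""

# "MM:DD HH:MM SERVICE(session) message"; SMTPD is inbound, SMTP- is outbound delivery.
LINE = re.compile(r"^(\d\d:\d\d \d\d:\d\d) (SMTPD|SMTP-)\s*\(([0-9a-fA-F]+)\) (.*)$")
DENIED = re.compile(r"^Denied access from (\d+\.\d+\.\d+\.\d+)")
MAX_ERR = re.compile(r"^\[(\d+\.\d+\.\d+\.\d+)\] max errors exceeded")
OUTBOUND = re.compile(r"^Connect (\S+) \[(\d+\.\d+\.\d+\.\d+):\d+\]")


def triage_denials(log_text):
    """Return one record per 'Denied access' line with the context logged before it."""
    max_err_seen = set()               # IPs with an earlier 'max errors exceeded' line
    outbound_hosts = defaultdict(set)  # IP -> hostnames this server delivered mail to
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other services (POP3D etc.) or wrapped fragments
        stamp, service, _session, msg = m.groups()
        if service == "SMTPD" and (e := MAX_ERR.match(msg)):
            max_err_seen.add(e.group(1))
        elif service == "SMTP-" and (o := OUTBOUND.match(msg)):
            outbound_hosts[o.group(2)].add(o.group(1))
        elif service == "SMTPD" and (d := DENIED.match(msg)):
            ip = d.group(1)
            results.append({
                "time": stamp,
                "ip": ip,
                "logged_max_errors": ip in max_err_seen,
                "outbound_peer_for": sorted(outbound_hosts.get(ip, ())),
            })
    return results


if __name__ == "__main__":
    for record in triage_denials(SAMPLE_LOG):
        print(record)
```

A denial with `logged_max_errors` false and a non-empty `outbound_peer_for` is the case described in the question: a legitimate delivery peer is being refused without a logged error-count trigger, so the entry's origin has to be sought elsewhere (for example the in-memory list mentioned in the reply).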