Hi Kathy- I assume you are referring to the line "This message has been blocked because its checksum is in FortiGuard - AntiSpam checksum blacklist.(ffcfd6f12dc99a405fd30669d41c3342;239;1;0)", as all the other stuff looks pretty much routine.
Either the message is one that the fun folks at Fortinet have previously determined to be spam, or it just happens to have the same checksum as another message that they object to. Fortinet has a very rigid, take-no-prisoners approach to firewall design and maintenance, so it is unlikely that you would ever get them to remove this checksum from their system. It is possible for two messages to have the same checksum, but extremely unlikely if it is a large number, which this appears to be. Find out who the sender was (if necessary, increase the logging level to debug for full data), make sure they're really one of your clients, and if so talk to them about what they were trying to accomplish. If they aren't your customer, fix whatever security problem you have.

-Dave Doherty
Skywaves, Inc.
97 Webster Street
Worcester, MA 01603
508-425-7176

----- Original Message -----
From: Kathy Lees
To: [email protected]
Sent: Monday, June 25, 2007 6:18 PM
Subject: [IMail Forum] Reading logs

This has shown up in our logs a lot today. Can someone tell me what it all means?

06:25 01:41 SMTP-(7e6d072c00ce8796) [x] Connecting socket to service <SMTP> on host <obu.edu> using protocol <tcp>
06:25 01:41 SMTP-(7e6d072c00ce8796) [x] using source IP for LTCConnection.com [64.7.202.212]
06:25 01:41 SMTPD(7faa05bd00ca8834) [58.235.235.3] RCPT TO: <[EMAIL PROTECTED]>
06:25 01:41 SMTP-(7e6d072c00ce8796) Info - DNS Cache full, deleting last item (paltek.co.jp)
06:25 01:41 SMTP-(7e6d072c00ce8796) Info - Adding obu.edu to DNS cache - TTL = 86130
06:25 01:41 SMTP-(7f5d000013b07595) [x] looking up paypal.com in HOSTS and MX
06:25 01:41 SMTP-(7f5d000013b07595) Info - Found paypal.com in DNS Cache
06:25 01:41 SMTP-(7f5d000013b07595) Trying paypal.com (0)
06:25 01:41 SMTP-(7f5d000013b07595) [x] Connecting socket to service <SMTP> on host <paypal.com> using protocol <tcp>
06:25 01:41 SMTP-(7f5d000013b07595) [x] using source IP for LTCConnection.com [64.7.202.212]
06:25 01:41 SMTP-(7f5d000013b07595) Info - Found paypal.com in DNS Cache
06:25 01:41 SMTP-(7e6d072c00ce8796) Connect obu.edu [65.70.16.4:25] (1)
06:25 01:41 SMTP-(7f5d000013b07595) Connect paypal.com [66.135.195.180:25] (1)
06:25 01:41 SMTP-(7f1f05b300ca8802) [x] looking up 8ah3sskwa.org by stack
06:25 01:41 SMTP-(7e6d072c00ce8796) 220 athena.obu.edu Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Mon, 25 Jun 2007 03:41:18 -0500
06:25 01:41 SMTP-(7e6d072c00ce8796) >EHLO LTCConnection.com
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-athena.obu.edu Hello [64.7.202.212]
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-TURN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-SIZE
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-ETRN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-DSN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-ENHANCEDSTATUSCODES
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-8bitmime
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-BINARYMIME
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-CHUNKING
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-VRFY
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-X-EXPS GSSAPI NTLM LOGIN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-X-EXPS=LOGIN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-AUTH GSSAPI NTLM LOGIN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-AUTH=LOGIN
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-X-LINK2STATE
06:25 01:41 SMTP-(7e6d072c00ce8796) 250-XEXCH50
06:25 01:41 SMTP-(7e6d072c00ce8796) 250 OK
06:25 01:41 SMTP-(7e6d072c00ce8796) >MAIL FROM:<[EMAIL PROTECTED]>
06:25 01:41 SMTP-(7e6d072c00ce8796) 250 2.1.0 [EMAIL PROTECTED] OK
06:25 01:41 SMTP-(7e6d072c00ce8796) >RCPT To:<[EMAIL PROTECTED]>
06:25 01:41 SMTP-(7e6d072c00ce8796) 250 2.1.5 [EMAIL PROTECTED]
06:25 01:41 SMTP-(7e6d072c00ce8796) >DATA
06:25 01:41 SMTP-(7e6d072c00ce8796) 354 Start mail input; end with <CRLF>.<CRLF>
06:25 01:41 SMTP-(7e6d072c00ce8796) >.
06:25 01:41 SMTP-(7e6d072c00ce8796) 554 5.7.1 This message has been blocked because its checksum is in FortiGuard - AntiSpam checksum blacklist.(ffcfd6f12dc99a405fd30669d41c3342;239;1;0)
06:25 01:41 SMTP-(7e6d072c00ce8796) ERR undeliverable 554 5.7.1 This message has been blocked because its checksum is in FortiGuard - AntiSpam checksum blacklist.(ffcfd6f12dc99a405fd30669d41c3342;239;1;0)
06:25 01:41 SMTP-(7e6d072c00ce8796) SMTP_DELIV_FAILED
06:25 01:41 SMTP-(7e6d072c00ce8796) >QUIT
06:25 01:41 SMTP-(7e6d072c00ce8796)
06:25 01:41 SMTP-(7e6d072c00ce8796) [u] closing socket (u)
06:25 01:41 SMTP-(7e6d072c00ce8796) Trying oakmail.peru.edu (0)
06:25 01:41 SMTP-(7e6d072c00ce8796) [x] Connecting socket to service <SMTP> on host <oakmail.peru.edu> using protocol <tcp>
06:25 01:41 SMTP-(7e6d072c00ce8796) [x] using source IP for LTCConnection.com [64.7.202.212]
06:25 01:41 SMTP-(7e6d072c00ce8796) Info - DNS Cache full, deleting last item (sums.ac.ir)
06:25 01:41 SMTP-(7e6d072c00ce8796) Info - Adding oakmail.peru.edu to DNS cache - TTL = 3329
06:25 01:41 SMTP-(7e6d072c00ce8796) Connect oakmail.peru.edu [198.180.0.15:25] (1)
06:25 01:41 SMTP-(7f5a000012cc67ab) 220 sjciport03.sjc.ebay.com ESMTP
06:25 01:41 SMTP-(7f5a000012cc67ab) >EHLO LTCConnection.com
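
Added example, not part of the original thread or of IMail: a Python script that applies the advice above to find the sender, by following each session id through the interleaved lines and listing every refused delivery with its remote host and envelope sender. The sample log is constructed, the function names are this example's own, and it assumes SMTP- lines are outbound delivery sessions and SMTPD lines inbound ones, as in the log above.

```python
import re
from collections import Counter, defaultdict

# Line shape taken from the log above: "<stamp> <stamp> SMTP-(<session>) <text>".
# Assumption: "SMTP-" is an outbound delivery session, "SMTPD" an inbound one.
LINE = re.compile(r"^(\d\d:\d\d \d\d:\d\d) (SMTP-|SMTPD)\(([0-9a-f]+)\) ?(.*)$")
CONNECT = re.compile(r"^Connect (\S+) \[")
MAIL_FROM = re.compile(r"^>MAIL FROM:<([^>]*)>", re.I)
REJECT = re.compile(r"^ERR undeliverable (5\d\d) (.*)$")

# Constructed sample (documentation domains and addresses, not real traffic).
SAMPLE = """\
06:25 01:41 SMTP-(aaaa000000000001) Connect mx.example.org [192.0.2.10:25] (1)
06:25 01:41 SMTP-(bbbb000000000002) Connect mx.example.net [198.51.100.7:25] (1)
06:25 01:41 SMTPD(cccc000000000003) [203.0.113.5] RCPT TO: <someone@example.com>
06:25 01:41 SMTP-(aaaa000000000001) >MAIL FROM:<user1@local.example>
06:25 01:41 SMTP-(bbbb000000000002) >MAIL FROM:<user2@local.example>
06:25 01:41 SMTP-(aaaa000000000001) ERR undeliverable 554 5.7.1 checksum blacklisted
06:25 01:41 SMTP-(bbbb000000000002) 250 2.6.0 queued
06:25 01:42 SMTP-(aaaa000000000001) Connect mx2.example.org [192.0.2.11:25] (1)
06:25 01:42 SMTP-(aaaa000000000001) >MAIL FROM:<user1@local.example>
06:25 01:42 SMTP-(aaaa000000000001) ERR undeliverable 550 5.7.1 rejected
"""

def failed_deliveries(log_text):
    """Return one record per outbound delivery that the remote server refused."""
    state = defaultdict(dict)      # session id -> host and sender currently in use
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "SMTP-":   # skip inbound and unparseable lines
            continue
        stamp, _, sid, text = m.groups()
        cur = state[sid]
        if c := CONNECT.match(text):         # one session can try several hosts
            cur.update(host=c.group(1), sender=None)
        elif f := MAIL_FROM.match(text):
            cur["sender"] = f.group(1)
        elif r := REJECT.match(text):
            failures.append({"stamp": stamp, "session": sid, "host": cur.get("host"),
                             "sender": cur.get("sender"), "code": r.group(1), "reason": r.group(2)})
    return failures

def rejections_by_sender(failures):
    """Count refused deliveries per envelope sender, busiest first."""
    return Counter(f["sender"] for f in failures).most_common()

if __name__ == "__main__":
    print(rejections_by_sender(failed_deliveries(SAMPLE)))
```

A local sender at the top of this list whose refusals span many unrelated remote domains is the account to look at first.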
