>Each time IMail receives a message for an invalid user, something spawns a
>process that results in 512 "invalid user" error messages in which the
>original sender is both sender and recipient. The error message expected
>as a result of the original "invalid" recipient is written also. It's
>always 1+512. If there are three invalid recipients on a multiple
>addressee message, then it's 3+1536, etc. The condition exists despite
>stopping/starting services, reboots, etc.
Where are you seeing the "1+512" and "3+1536"?
>I'm experiencing about 10K multi-line errors per hour.
That sounds like a "dictionary attack", where someone is trying to send to
thousands of non-existent users on your server. You should try blocking
their IP address using the SMTP Security settings.
>03:03 00:00 SMTPD(B7C10124) [168.16.xxx.xx] connect 168.16.xxx.xx port 2234
This shows that someone from 168.16.xxx.xx is connecting to your
mailserver. That's the "evil" IP address (the one in the "connect
168.16.xxx.xx", not the first one, which is your IP).
>03:03 00:00 SMTPD(B7C10124) [168.16.xxx.xx] HELO mail...
This just means that they are claiming to be a host "mail..." (which I'm
guessing is really information you put in to help hide the spammer's identity).
>03:03 00:00 SMTPD(B7C10124) [168.16.xxx.xx] mail from:<[EMAIL PROTECTED]>
This means that they are sending you mail from the address shown above.
>03:03 00:00 SMTPD(B7C10124) [168.16.xxx.xx] RCPT TO:<[EMAIL PROTECTED]>
To an address on your server that doesn't exist.
>03:03 00:00 SMTPD(B7C10124) [168.16.xxx.xx] ERR mail... invalid user <[EMAIL PROTECTED]
And IMail says that it doesn't exist.
>03:03 00:00 SMTPD(93F000F2) [168.16.xxx.xx] connect 168.16.xxx.xx port 2235
>03:03 00:00 SMTPD(93F000F2) [168.16.xxx.xx] HELO mail...
>03:03 00:00 SMTPD(93F000F2) [168.16.xxx.xx] mail from:<[EMAIL PROTECTED]>
>03:03 00:00 SMTPD(93F000F2) [168.16.xxx.xx] RCPT TO:<[EMAIL PROTECTED]>
>03:03 00:00 SMTPD(93F000F2) [168.16.xxx.xx] ERR mail... invalid user <[EMAIL PROTECTED]
>03:03 00:00 SMTPD(B7C20124) [168.16.xxx.xx] connect 168.16.xxx.xx port 2236
>03:03 00:00 SMTPD(B7C20124) [168.16.xxx.xx] HELO mail...
>03:03 00:00 SMTPD(B7C20124) [168.16.xxx.xx] mail from:<[EMAIL PROTECTED]>
>03:03 00:00 SMTPD(B7C20124) [168.16.xxx.xx] RCPT TO:<[EMAIL PROTECTED]>
>03:03 00:00 SMTPD(B7C20124) [168.16.xxx.xx] ERR mail... invalid user <[EMAIL PROTECTED]
And this just shows that they are doing this a lot, which indicates either
a spammer or a serious mail problem on their end.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
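The per-IP check described in the message above, as an added example that is not part of the original post and is not IMail or Declude code: it ties each "invalid user" rejection to the address on that session's `connect` line (the bracketed address is the local one, per the reply) and counts rejections per remote address. The log lines, session ids, IP addresses (documentation ranges) and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# Layout taken from the quoted excerpt:
#   <field> <field> SMTPD(<session id>) [<local ip>] <event text>
LINE = re.compile(r"^\S+ \S+ SMTPD\((?P<sid>[0-9A-Fa-f]+)\) \[[^\]]+\] (?P<event>.*)$")
CONNECT = re.compile(r"^connect (?P<remote>\S+) port \d+$")
INVALID = re.compile(r"^ERR .*invalid user", re.IGNORECASE)

# Constructed sample: three sessions from one remote host, one from another.
SAMPLE_LOG = """\
03:03 00:00 SMTPD(A1000001) [192.0.2.10] connect 203.0.113.7 port 2234
03:03 00:00 SMTPD(A1000001) [192.0.2.10] RCPT TO:<aaron@example.com>
03:03 00:00 SMTPD(A1000001) [192.0.2.10] ERR mx.example.com invalid user <aaron@example.com>
03:03 00:00 SMTPD(A1000002) [192.0.2.10] connect 203.0.113.7 port 2235
03:03 00:00 SMTPD(A1000002) [192.0.2.10] RCPT TO:<abby@example.com>
03:03 00:00 SMTPD(A1000002) [192.0.2.10] ERR mx.example.com invalid user <abby@example.com>
03:03 00:00 SMTPD(A1000003) [192.0.2.10] connect 203.0.113.7 port 2236
03:03 00:00 SMTPD(A1000003) [192.0.2.10] RCPT TO:<adam@example.com>
03:03 00:00 SMTPD(A1000003) [192.0.2.10] ERR mx.example.com invalid user <adam@example.com>
03:03 00:01 SMTPD(A1000004) [192.0.2.10] connect 198.51.100.20 port 4100
03:03 00:01 SMTPD(A1000004) [192.0.2.10] RCPT TO:<jsmiht@example.com>
03:03 00:01 SMTPD(A1000004) [192.0.2.10] ERR mx.example.com invalid user <jsmiht@example.com>
""".splitlines()

def invalid_rcpt_by_remote(lines):
    """Count 'invalid user' rejections per connecting (remote) IP address."""
    session_remote = {}  # session id -> remote IP seen on its connect line
    counts = Counter()
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines, other services
        c = CONNECT.match(m["event"])
        if c:
            session_remote[m["sid"]] = c["remote"]
        elif INVALID.match(m["event"]):
            counts[session_remote.get(m["sid"], "unknown")] += 1
    return counts

def suspects(lines, threshold=3):
    """Remote IPs with at least `threshold` invalid-recipient rejections."""
    counts = invalid_rcpt_by_remote(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip != "unknown")

if __name__ == "__main__":
    for ip, n in invalid_rcpt_by_remote(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} invalid recipients")
```

A single mistyped address from a legitimate sender stays below the threshold; only the address that repeats across many sessions is a candidate for an entry in the SMTP Security settings.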