> >> Subject on all messages is ORDB.org check > (0.2487070313031050.7901152880) >ip=206.111.237.67. > >So, I'm wondering what did and didn't get through and how to further tighten >down the box if they were able to successfully relay through us.
http://www.ordb.org/lookup/?host=206.111.237.67 shows that the one that went through was sent to "marvin%marvin.ordb.org@[206.111.237.67]". This takes advantage of an unusual security issue with IMail, where it will accept relayed mail with a "%" in it under certain circumstances (if the mailserver is acting as a backup mailserver for domains, and certain relay options are used, perhaps). It's been repo Declude JunkMail Pro has a PERCENT test that will detect this and stop it. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
