Can someone help me make sense of the log entry below please. Our i-mail server is set to not relay mail for anyone
Do you have it set at "No mail relay" or "Relay for addresses"?
- however at first glance it appears someone is spoofing one of the hosted users (<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]) and using that to send out mail.That's actually not spoofing -- that just means that the person sending the mail used the address [EMAIL PROTECTED] (that's just what they entered as their address in their mail client).
20021125 125637 127.0.0.1 SMTP (2336) processing C:\IMail\spool\Q8e82000f0278744b.SMDAnd in this case, there isn't a relaying issue. The SMTP (or SMTP-) lines are E-mails that IMail is sending out. So this is just IMail delivering an E-mail from [EMAIL PROTECTED] to a number of Hotmail users.
20021125 125637 127.0.0.1 SMTP (2336) Trying hotmail.com (0)
20021125 125637 127.0.0.1 SMTP (2336) Connect hotmail.com [65.54.253.99:25] (1)
20021125 125637 127.0.0.1 SMTP (2336) 220 mc7-f17.law1.hotmail.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.5600 ready at Mon, 25 Nov 2002 12:53:43 -0800
20021125 125637 127.0.0.1 SMTP (2336) >EHLO mail.houle.ca
20021125 125637 127.0.0.1 SMTP (2336) 250-mc7-f17.law1.hotmail.com (02.00.05.0005) Hello [207.232.106.104]
20021125 125637 127.0.0.1 SMTP (2336) 250-SIZE 3565158
20021125 125637 127.0.0.1 SMTP (2336) 250-PIPELINING
20021125 125637 127.0.0.1 SMTP (2336) 250-8bitmime
20021125 125637 127.0.0.1 SMTP (2336) 250-BINARYMIME
20021125 125637 127.0.0.1 SMTP (2336) 250-CHUNKING
20021125 125637 127.0.0.1 SMTP (2336) 250-VRFY
20021125 125637 127.0.0.1 SMTP (2336) 250-AUTH LOGIN
20021125 125637 127.0.0.1 SMTP (2336) 250-AUTH=LOGIN
20021125 125637 127.0.0.1 SMTP (2336) 250-X-HMAUTH
20021125 125637 127.0.0.1 SMTP (2336) 250 OK
20021125 125637 127.0.0.1 SMTP (2336) >MAIL FROM:<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
20021125 125637 127.0.0.1 SMTP (2336) 250 <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] OK
20021125 125637 127.0.0.1 SMTP (2336) >RCPT To:<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
20021125 125637 127.0.0.1 SMTP (2336) 250 <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
20021125 125637 127.0.0.1 SMTP (2336) >RCPT To:<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
20021125 125637 127.0.0.1 SMTP (2336) 250 <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
20021125 125637 127.0.0.1 SMTP (2336) >RCPT To:<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
20021125 125637 127.0.0.1 SMTP (2336) 250 <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
20021125 125637 127.0.0.1 SMTP (2336) >RCPT To:<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
20021125 125637 127.0.0.1 SMTP (2336) 250 <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
20021125 125637 127.0.0.1 SMTP (2336) >RCPT To:<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]>
20021125 125637 127.0.0.1 SMTP (2336) 250 <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
20021125 125637 127.0.0.1 SMTP (2336) >DATA
20021125 125637 127.0.0.1 SMTP (2336) 354 Start mail input; end with <CRLF>.<CRLF>
20021125 125638 127.0.0.1 SMTP (2336) >.
20021125 125638 127.0.0.1 SMTP (2336) 250 <<mailto:002901c294c4$b1f6fd50$6b0aa8c0@michelle>002901c294c4$b1f6fd50$6b0aa8c0@michelle> Queued mail for delivery
20021125 125638 127.0.0.1 SMTP (2336) rdeliver hotmail.com multiple (5) <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]> 69306
20021125 125638 127.0.0.1 SMTP (2336) >QUIT
20021125 125638 127.0.0.1 SMTP (2336) 221 mc7-f17.law1.hotmail.com Service closing transmission channel
20021125 125638 127.0.0.1 SMTP (2336) finished C:\IMail\spool\Q8e82000f0278744b.SMD status=1
If there was a problem, it's the SMTPD lines you want to look at, which will show IMail accepting the E-mail.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
