Until I figure out what these log entries mean I'm holding all possibilities
open, including that michelle (mduffy) did send this out. However, given
that the reason I looked at the log today was that our mailserver ground to
a halt, I also have to consider the possibility it was hijacked by an
outside source.
Also, I'm still curious as to why anyone should be able to send mail from
the server when it's set to not relay mail (local host only is deselected).

Easy: no mail relay means ALL relay must be SMTP AUTH'ed.

20021125 125624 127.0.0.1       SMTPD (000F0278) [207.232.106.104] connect 68.144.82.226 port 61085
20021125 125624 127.0.0.1       SMTPD (000F0278) [68.144.82.226] EHLO michelle
20021125 125624 127.0.0.1       SMTPD (000006E4) Authenticated [EMAIL PROTECTED], session treated as local.

mduffy, or somebody with mduffy's password, did SMTP AUTH.

20021125 125625 127.0.0.1       SMTPD (000F0278) [68.144.82.226] MAIL FROM: <[EMAIL PROTECTED]>

This idiot is still insisting the name is mduffy. What a loser. :))

Your only clue here is the 68.144.82.226:

# dig -x 68.144.82.226

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      226.82.144.68.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
226.82.144.68.in-addr.arpa.  2D IN PTR  h68-144-82-226.cg.shawcable.net

Len



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
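
As an added example (not part of the original post, and not IMail's own tooling), this Python script tallies which client IPs completed SMTP AUTH for each account in a log laid out like the excerpt above, which is how you would check whether one account is being used from addresses its owner never sends from. The sample lines and addresses are constructed, and pairing each "Authenticated" line with the most recent EHLO session is an assumed heuristic, since in the excerpt that line carries a different ID than the session.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpt above; all addresses are placeholders.
SAMPLE_LOG = """\
20021125 125624 127.0.0.1       SMTPD (000F0278) [192.0.2.10] connect 198.51.100.7 port 61085
20021125 125624 127.0.0.1       SMTPD (000F0278) [198.51.100.7] EHLO michelle
20021125 125624 127.0.0.1       SMTPD (000006E4) Authenticated mduffy@example.com, session treated as local.
20021125 130102 127.0.0.1       SMTPD (000F0301) [192.0.2.10] connect 192.0.2.55 port 1188
20021125 130102 127.0.0.1       SMTPD (000F0301) [192.0.2.55] EHLO frontdesk
20021125 130102 127.0.0.1       SMTPD (00000702) Authenticated mduffy@example.com, session treated as local.
20021125 130200 127.0.0.1       SMTPD (000F0399) [192.0.2.10] connect 198.51.100.7 port 61090
20021125 130200 127.0.0.1       SMTPD (000F0399) [198.51.100.7] EHLO michelle
20021125 130200 127.0.0.1       SMTPD (00000710) Authenticated mduffy@example.com, session treated as local.
"""

# date, time, host, "SMTPD", (id), optional [peer], then the message text
LINE = re.compile(r"^\d{8} \d{6} \S+\s+SMTPD \((\w+)\) (?:\[[\d.]+\] )?(.*)$")

def auth_sources(log_text):
    """Return {account: {client_ip: count}} for successful SMTP AUTH."""
    client_of = {}       # session id -> client IP taken from the "connect" line
    last_session = None  # most recent session that sent EHLO/HELO (assumed heuristic)
    seen = defaultdict(lambda: defaultdict(int))
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines in any other layout
        sid, msg = m.groups()
        if msg.startswith("connect "):
            client_of[sid] = msg.split()[1]
        elif msg.startswith(("EHLO", "HELO")):
            last_session = sid
        elif msg.startswith("Authenticated ") and last_session in client_of:
            account = msg.split()[1].rstrip(",")
            seen[account][client_of[last_session]] += 1
    return {acct: dict(ips) for acct, ips in seen.items()}

def unexpected_sources(log_text, expected):
    """expected maps account -> set of IPs the user normally sends from."""
    out = {}
    for acct, ips in auth_sources(log_text).items():
        extra = sorted(set(ips) - expected.get(acct, set()))
        if extra:
            out[acct] = extra
    return out
```

On a busy server, where sessions interleave, treat the result as a lead to confirm against the full log rather than as proof.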
