Just noticed the following entries in today's log. First some port scanning:
03:12 09:00 SMTPD(002D022E) [194.129.109.34] connect 218.25.142.7 port 4728
03:12 09:00 SMTPD(001D0242) [194.129.109.34] connect 218.25.142.7 port 4730
03:12 09:00 SMTPD(001B020E) [194.129.109.34] connect 218.25.142.7 port 4731
Actually, that's not port scanning. Port scanning is when someone tries connecting to various ports on your server (such as trying to connect to ports 4728, 4730, 4731, ...). However, IMail only listens to port 25 (and I'm *sure* you have a firewall, which would block random ports). In this case, they are simply connecting to your IMail server multiple times (the ports you see are the ports on *their* end, which will never be port 25, even for legitimate E-mail).
and then something else which I'm not sure about.
03:12 09:00 SMTPD(1DE400D0) [218.25.142.7] EHLO second
That just means that they are announcing that the name of their mailserver is "second" (which isn't valid).
03:12 09:00 SMTPD(340600C2) send error 10054
That's a "Connection reset" message. Perhaps their spamware can't handle IMail's EHLO response for some reason.
I'm using "no mail relay" and SMTP AUTH.
Unfortunately, this confuses a lot of people. It is important to remember that a mailserver has 2 jobs: [1] To accept incoming E-mail to local accounts, and [2] To send outgoing E-mail anywhere in the world (relaying). Spammers would love to do both, but assuming that you are set up correctly (as you are with "No mail relay"), spammers can still do #1. There isn't a mail relay setting that will prevent incoming mail (if there was, you wouldn't receive any E-mail). The only way to stop incoming mail is to analyze the E-mail to determine if it is legitimate or spam, either manually using IMail's built-in tools or by using a spam control program to automatically detect the spam.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no annual licensing fees.
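An added example, not part of the original message: a small Python parser for the log line shapes quoted in the thread, grouping connect lines by remote IP (the logged port is the remote side's source port), flagging HELO/EHLO names that are not fully qualified, and naming the Winsock send error. The regular expressions are inferred only from the five lines quoted above (an assumption, not a documented IMail log format), and the FQDN test is a simple heuristic.

```python
import re
from collections import defaultdict

# The five log lines quoted in the thread above.
SAMPLE_LOG = """\
03:12 09:00 SMTPD(002D022E) [194.129.109.34] connect 218.25.142.7 port 4728
03:12 09:00 SMTPD(001D0242) [194.129.109.34] connect 218.25.142.7 port 4730
03:12 09:00 SMTPD(001B020E) [194.129.109.34] connect 218.25.142.7 port 4731
03:12 09:00 SMTPD(1DE400D0) [218.25.142.7] EHLO second
03:12 09:00 SMTPD(340600C2) send error 10054
"""

# Patterns inferred from the quoted lines (assumption).
CONNECT = re.compile(r"SMTPD\((\w+)\) \[([\d.]+)\] connect ([\d.]+) port (\d+)")
HELO = re.compile(r"SMTPD\((\w+)\) \[([\d.]+)\] (?:EHLO|HELO) (\S+)", re.I)
SEND_ERR = re.compile(r"SMTPD\((\w+)\) send error (\d+)")

# Standard Winsock error codes.
WINSOCK = {10053: "connection aborted", 10054: "connection reset by peer",
           10060: "connection timed out"}

def summarize(log_text):
    """Return (connections per remote IP, suspicious HELO names, send errors)."""
    peers = defaultdict(list)  # remote IP -> source ports seen on *their* end
    bad_helo, send_errors = [], []
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            _sid, _local_ip, remote_ip, src_port = m.groups()
            # Every one of these is a connection to the local SMTP listener;
            # differing source ports do not indicate a port scan.
            peers[remote_ip].append(int(src_port))
        elif m := HELO.search(line):
            _sid, remote_ip, name = m.groups()
            # Heuristic: expect an FQDN (contains a dot) or an address literal.
            if "." not in name and not name.startswith("["):
                bad_helo.append((remote_ip, name))
        elif m := SEND_ERR.search(line):
            code = int(m.group(2))
            send_errors.append((code, WINSOCK.get(code, "unknown")))
    return dict(peers), bad_helo, send_errors

if __name__ == "__main__":
    peers, bad_helo, send_errors = summarize(SAMPLE_LOG)
    for ip, ports in peers.items():
        print(f"{ip}: {len(ports)} SMTP connections, source ports {ports}")
    for ip, name in bad_helo:
        print(f"{ip}: HELO/EHLO name {name!r} is not fully qualified")
    for code, meaning in send_errors:
        print(f"send error {code}: {meaning}")
```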
