> But when the relay attempt is one of these test sites it is not
> really a local relay as they need entrance from the outside.

Relay refers to the recipient domain being off-server. Just a terminology thing to make posts more clear.

>>> If it is on another location I have gotten messages that allude to
>>> no relay being allowed.
>>
>> Uh-huh.

> So this is partially good right?

Yep.

> Here is a recent log record:
> 03:13 16:16 POP3D (00000140) logon success for elisa cleanfunpromo.com
> from 208.57.69.37

That's a POP3 logon, not SMTP AUTH (though POP3 can technically be used to send e-mails).

> The IP is NOT my client's and I even changed her password an hour
> ago. But yet a review of the logs will show this account being
> targeted over and over all day from different IPs...

The remainder of your logs just show incoming *attempts* to send mail, but you haven't shown the recipient, nor whether the server is allowing the mail to be submitted. What you need to do is (a) make sure you've blocked an impersonator from authenticating (good tip from Marc on that front), (b) communicate with the real user to make sure she is not purposely doing bad things from an unknown IP, and (c) block rogue IPs at the firewall or by using "Control Access" in IMail.

-Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
------------------------------------
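
The log review discussed in this message, as an added example that is not part of the original post or of IMail: it collects successful POP3 logons per account and lists source IPs that are not known for that account, which gives the candidates for steps (b) and (c). It assumes every relevant line has the shape of the one quoted record; the user@domain account key, the known-IP table and all sample lines except the first are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Matches only the line shape quoted in the thread: two NN:NN fields
# (assumed to be date and time), POP3D, a session id, then the logon record.
LOGON_RE = re.compile(
    r"^\d\d:\d\d \d\d:\d\d POP3D \([0-9A-Fa-f]+\) "
    r"logon success for (?P<user>\S+) (?P<domain>\S+) from (?P<ip>\S+)$"
)

def unexpected_logons(lines, known_ips):
    """Return {account: [source IPs with a successful logon that are not
    listed in known_ips[account]]}, each list sorted numerically."""
    hits = defaultdict(set)
    for line in lines:
        m = LOGON_RE.match(line.strip())
        if not m:
            continue  # other services and other record types are skipped
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        # Account key format is an assumption made for this example.
        account = f'{m["user"]}@{m["domain"]}'.lower()
        allowed = {ip_address(a) for a in known_ips.get(account, ())}
        if ip not in allowed:
            hits[account].add(ip)
    return {
        acct: [str(i) for i in sorted(ips, key=lambda i: (i.version, int(i)))]
        for acct, ips in hits.items()
    }

# First line is the record quoted in the thread; the rest are constructed.
SAMPLE_LOG = [
    "03:13 16:16 POP3D (00000140) logon success for elisa cleanfunpromo.com from 208.57.69.37",
    "03:13 16:20 POP3D (00000141) logon success for elisa cleanfunpromo.com from 192.0.2.10",
    "03:13 16:31 POP3D (00000142) logon success for elisa cleanfunpromo.com from 203.0.113.77",
    "03:13 16:40 POP3D (00000143) logon success for bob example.com from 198.51.100.5",
    "03:13 16:41 SMTPD (00000144) constructed line from another service",
]
# Constructed table of addresses each real user is known to connect from.
KNOWN_IPS = {
    "elisa@cleanfunpromo.com": ["192.0.2.10"],
    "bob@example.com": ["198.51.100.5"],
}

if __name__ == "__main__":
    for account, ips in unexpected_logons(SAMPLE_LOG, KNOWN_IPS).items():
        print(account, "->", ", ".join(ips))
```

A successful logon from an unlisted address after a password change means the new credential is already known elsewhere or the user is connecting from a new location, which is what step (b) is meant to settle before blocking.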
