Where are the rest of the logs? There should be a line before it saying the session was treated as local - OR - you have this IP in the Control Access list as trusted? Perhaps you have the Control Access list set backwards. It can be set for Allow all but the IPs listed or Refuse all but the IPs listed. In any case you are missing some of the logs.
Travis

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Harry Hanson
> Sent: Monday, March 29, 2004 7:48 AM
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] Relay vulnerability being exploited?
>
>
> config is set to no relay/smtp auth. will pass most relay tests, however
> there is apparently a way around this as server is being used to
> relay spam
> (logs, headers below). solutions?
>
> Example Header (nice declude notes it was checked for spam heh):
>
> > Return-Path: [EMAIL PROTECTED]
> > Delivery-Date: Sat Mar 27 19:45:16 2004
> > Return-Path: <[EMAIL PROTECTED]>
> > Received: from lilpods.com (lilpods.com [206.63.224.95])
> > by connactivity.connactivity.com (8.12.10/8.12.10) with ESMTP id
> > i2S0jF0S052359
> > for <[EMAIL PROTECTED]>; Sat, 27 Mar 2004 19:45:16 -0500
> > (EST)
> > Received: from bluish [80.143.85.221] by lilpods.com with ESMTP
> > (SMTPD32-8.05) id A005233800B8; Sat, 27 Mar 2004 16:44:53 -0800
> > From: "Jessie Jinbachian"<[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: CIA-L1S & LEV-ITRA : E_n1arge Your P^e^n^1^s in I Week!
> > Mime-Version: 1.0
> > Content-Type: text/html; charset=us-ascii
> > Content-Transfer-Encoding: 7bit
> > Message-Id: <[EMAIL PROTECTED]>
> > X-Declude-Spoolname: D2005233800b887d7.SMD
> > X-Note: This E-mail was scanned for spam.
> > Date: Sat, 27 Mar 2004 16:45:16 -0800
>
> Logs start here (one batch - all same smtp id):
>
> 03:27 14:25 SMTPD(233800B8) [206.63.224.95] connect 80.143.85.221
> port 2355
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221] EHLO bluish
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221] MAIL FROM:
> <[EMAIL PROTECTED]>
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221] RCPT
> TO:<[EMAIL PROTECTED]>
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221]
> c:\IMail\spool\Dff65233800b816a8.SMD 1102
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221] MAIL FROM:
> <[EMAIL PROTECTED]>
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221] RCPT
> TO:<[EMAIL PROTECTED]>
> 03:27 14:25 SMTPD(233800B8) [80.143.85.221]
> c:\IMail\spool\Dff6e233800b83c70.SMD 1092
> 03:27 14:26 SMTPD(233800B8) [80.143.85.221] MAIL FROM:
> <[EMAIL PROTECTED]>
> 03:27 14:26 SMTPD(233800B8) [80.143.85.221] RCPT TO:<[EMAIL PROTECTED]>
> 03:27 14:26 SMTPD(233800B8) [80.143.85.221]
> c:\IMail\spool\Dff7e233800b87ae0.SMD 1111
> <snip 30 min of spam logs>
>
> Ends here:
>
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221] RCPT TO:<[EMAIL PROTECTED]>
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221]
> c:\IMail\spool\D21f9233800b82b87.SMD 1147
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221] MAIL FROM:
> <[EMAIL PROTECTED]>
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221] RCPT TO:<[EMAIL PROTECTED]>
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221]
> c:\IMail\spool\D2204233800b85566.SMD 956
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221] MAIL FROM:
> <[EMAIL PROTECTED]>
> 03:27 16:53 SMTPD(233800B8) [80.143.85.221] RCPT
> TO:<[EMAIL PROTECTED]>
> 03:27 17:15 SMTPD(233800B8) idle timeout
>
>
> Spam tests:
>
> RELAY Test for mail.lilpods.com
> 220 lilpods.com (IMail 8.05 596450-78) NT-ESMTP Server X1
> HELO trusontechnologies.com
> 250 hello lilpods.com
>
> Relay test 1
> MAIL FROM:([EMAIL PROTECTED])
> 250 ok
> RCPT TO:([EMAIL PROTECTED])
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 2
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED]@trusontechnologies.com)
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 3
> MAIL FROM:()
> 250 ok
> RCPT TO:([EMAIL PROTECTED])
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 4
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED])
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 5
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED])
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 6
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:("[EMAIL PROTECTED]")
> 550 not local host trusontechnologies.com", not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 7
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:("nobody%trusontechnologies.com")
> 550 not local host trusontechnologies.com", not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 8
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED]@mail.lilpods.com)
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 9
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:("[EMAIL PROTECTED]"@mail.lilpods.com)
> 550 not local host trusontechnologies.com", not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 10
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED]@mail.lilpods.com)
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 11
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:(@mail.lilpods.com:[EMAIL PROTECTED])
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 12
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:(mail.lilpods.com:[EMAIL PROTECTED])
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 13
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:(trusontechnologies.com!nobody)
> 550 unknown user (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 14
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED])
> 550 unknown user (Passed Test)
> RSET
> 250 ok its reset
>
> Relay test 15
> MAIL FROM:([EMAIL PROTECTED]@mail.lilpods.com)
> 250 ok
> RCPT TO:([EMAIL PROTECTED]@mail.lilpods.com)
> 550 not local host trusontechnologies.com, not a gateway (Passed Test)
> RSET
> 250 ok its reset
>
>
> Congratulations! You have passed ALL Spamming tests.
>
>
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
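Added example, not part of the original thread and not Ipswitch code: a log triage script that groups SMTPD lines by session id, as in the excerpt above, and reports sessions that spooled mail for non-local recipient domains. The session ids, addresses and domains in `SAMPLE` are constructed, `local_domains` and `min_messages` are assumed parameters, and the script expects unwrapped log lines as they appear in the log file.

```python
import re
from collections import defaultdict

# Layout taken from the excerpt above: "MM:DD HH:MM SMTPD(<session>) [<ip>] <event>"
LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTPD\((\w+)\) (?:\[[\d.]+\] )?(.*)$")
RCPT = re.compile(r"^RCPT TO:\s*<[^>]*@([^>]+)>", re.I)
SPOOL = re.compile(r"\\spool\\\S+\.SMD (\d+)$", re.I)

# Constructed sample: session ids, addresses and domains are placeholders.
SAMPLE = r"""
03:27 14:25 SMTPD(AAAA0001) [192.0.2.10] connect 198.51.100.7 port 2355
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] EHLO bluish
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] MAIL FROM: <a@example.org>
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] RCPT TO:<b@example.net>
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] c:\IMail\spool\D0001.SMD 1102
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] MAIL FROM: <a@example.org>
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] RCPT TO:<c@example.com>
03:27 14:25 SMTPD(AAAA0001) [198.51.100.7] c:\IMail\spool\D0002.SMD 1092
03:27 14:30 SMTPD(AAAA0002) [192.0.2.10] connect 203.0.113.5 port 4000
03:27 14:30 SMTPD(AAAA0002) [203.0.113.5] MAIL FROM: <x@example.org>
03:27 14:30 SMTPD(AAAA0002) [203.0.113.5] RCPT TO:<user@mail.example>
03:27 14:30 SMTPD(AAAA0002) [203.0.113.5] c:\IMail\spool\D0003.SMD 900
03:27 17:15 SMTPD(AAAA0001) idle timeout
"""

def relayed_sessions(lines, local_domains, min_messages=2):
    """Summarise sessions that spooled >= min_messages mails for non-local recipients."""
    local = {d.lower() for d in local_domains}
    seen = defaultdict(lambda: {"client": None, "relayed": 0, "bytes": 0})
    pending = defaultdict(list)          # recipient domains of the open envelope
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue                     # blank, wrapped or unrelated line
        sid, event = m.groups()
        if event.startswith("connect "):
            seen[sid]["client"] = event.split()[1]   # bracketed IP here is the server's
        elif event.upper().startswith("MAIL FROM"):
            pending[sid] = []                        # new envelope
        elif (rcpt := RCPT.match(event)):
            pending[sid].append(rcpt.group(1).lower())
        elif (spool := SPOOL.search(event)):
            # Assumption: a spool file line means the message was accepted.
            if any(d not in local for d in pending[sid]):
                seen[sid]["relayed"] += 1
                seen[sid]["bytes"] += int(spool.group(1))
            pending[sid] = []
    return {sid: s for sid, s in seen.items() if s["relayed"] >= min_messages}
```
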
