Thank you for the heads up and the help!

Todd R Gardner
_______________________________________
PC Help Desk
Appraisal.com, Inc.
620 Main Street
Buffalo, New York 14202
(716) 332.5950 x282
fax: (716) 332.5951
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Barber
Sent: Monday, April 11, 2005 1:59 PM
To: [email protected]
Subject: RE: [IMail Forum] imailsrv problems

You didn't get hacked. All that is happening is some stupid spammer is sending spam to [EMAIL PROTECTED] and imailsrv is bouncing it back because it doesn't understand the commands in the message body, as seen here in this log excerpt:

04:10 00:26 2884 LST imailsrv->[EMAIL PROTECTED] Illegal IMail List Server Command!

So - no hack - no relaying - IMail is doing what it is supposed to. As for how to make it stop, you can add the spammer's IP address to the Control Access List, or add their domain to the kill list.

Mike Barber
Software Tester
Ipswitch, Inc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Gardner
Sent: Monday, April 11, 2005 1:33 PM
To: [email protected]
Subject: RE: [IMail Forum] imailsrv problems

My thoughts exactly!! Any ideas how to lock that down? I can not find a way to disable the imailsrv...?

Todd R Gardner
_______________________________________
PC Help Desk
Appraisal.com, Inc.
620 Main Street
Buffalo, New York 14202
(716) 332.5950 x282
fax: (716) 332.5951
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Checca
Sent: Monday, April 11, 2005 1:30 PM
To: [email protected]
Subject: RE: [IMail Forum] imailsrv problems

Sounds like you got hacked.

Christopher Checca
Packard Transport, Inc.
IT Department
24021 South Municipal Dr
PO Box 380
Channahon, IL. 60410
815 467 9260
815 467 6939 Fax
[EMAIL PROTECTED]
www.packardtransport.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Gardner
Sent: Monday, April 11, 2005 11:21 AM
To: [email protected]
Subject: [IMail Forum] imailsrv problems

Hello,

I have a strange problem.
I have noticed the remote delivers from my IMail server has gone up from 650 messages a day (on average) to over 8000 messages sent yesterday. I am running IMail 8.12. From the logs, I have found that my imailsrv alias is sending and receiving a ton of messages from outside domains. Here are a few log entries:

Log 1:
04:10 00:26 SMTPD(aada2e9100984c12) [x.x.x.x] connect 209.239.42.244 port 46895
04:10 00:26 SMTPD(aada2e9100984c12) [209.239.42.244] EHLO host2.budgethosting.net
04:10 00:26 SMTPD(aada2e9100984c12) [209.239.42.244] MAIL From:<[EMAIL PROTECTED]>
04:10 00:26 SMTPD(aada2e9100984c12) [209.239.42.244] RCPT To:<[EMAIL PROTECTED]>
04:10 00:26 SMTPD(aada2e9100984c12) [209.239.42.244] C:\IMail\spool\Daada2e9100984c12.SMD 910
04:10 00:26 SMTPD(aada2e9100984c12) performing antispam checks
04:10 00:26 SMTP-(0000000000000000) Info - Adding Queue file C:\IMail\spool\Qaada2e9100984c12.SMD
04:10 00:26 SMTP-(aada2e9100984c12) processing C:\IMail\spool\Qaada2e9100984c12.SMD
04:10 00:26 SMTP-(aada2e9100984c12) [x] toprog [EMAIL PROTECTED] C:\IMail\spool\tmp483C.tmp
04:10 00:26 SMTP-(aada2e9100984c12) finished C:\IMail\spool\Qaada2e9100984c12.SMD status=1
04:10 00:26 2884 LST imailsrv->[EMAIL PROTECTED] Illegal IMail List Server Command!
04:10 00:26 SMTP-(0000000000000000) Info - Adding Queue file C:\IMail\spool\QH483D.tmp
04:10 00:26 SMTP-(aadb00000c4cc72c) processing C:\IMail\spool\QH483D.tmp
04:10 00:26 SMTP-(aadb00000c4cc72c) [x] looking up exhalecosmetics.com in HOSTS and MX
04:10 00:26 SMTP-(aadb00000c4cc72c) Info - Found exhalecosmetics.com in DNS Cache
04:10 00:26 SMTP-(aadb00000c4cc72c) Trying exhalecosmetics.com (0)
04:10 00:26 SMTP-(aadb00000c4cc72c) [x] Connecting socket to service <SMTP> on host <exhalecosmetics.com> using protocol <tcp>
04:10 00:26 SMTP-(aadb00000c4cc72c) [x] using source IP for domain.com [x.x.x.x]
04:10 00:26 SMTP-(aadb00000c4cc72c) Info - Found exhalecosmetics.com in DNS Cache
04:10 00:26 SMTP-(aadb00000c4cc72c) Connect exhalecosmetics.com [216.147.72.228:25] (1)
04:10 00:26 SMTP-(aadb00000c4cc72c) 220 host2.budgethosting.net ESMTP Sendmail 8.12.10/8.12.10; Sun, 10 Apr 2005 00:26:21 -0400
04:10 00:26 SMTP-(aadb00000c4cc72c) >EHLO domain.com
04:10 00:26 SMTP-(aadb00000c4cc72c) 502
04:10 00:26 SMTP-(aadb00000c4cc72c) >HELO domain.com
04:10 00:26 SMTP-(aadb00000c4cc72c) 250 host2.budgethosting.net Hello [x.x.x.x], pleased to meet you
04:10 00:26 SMTP-(aadb00000c4cc72c) >MAIL FROM:<[EMAIL PROTECTED]>
04:10 00:26 SMTP-(aadb00000c4cc72c) 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
04:10 00:26 SMTP-(aadb00000c4cc72c) >RCPT To:<[EMAIL PROTECTED]>
04:10 00:26 SMTP-(aadb00000c4cc72c) 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
04:10 00:26 SMTP-(aadb00000c4cc72c) >DATA
04:10 00:26 SMTP-(aadb00000c4cc72c) 354 Enter mail, end with "." on a line by itself
04:10 00:26 SMTP-(aadb00000c4cc72c) >.
04:10 00:26 SMTP-(aadb00000c4cc72c) 250 2.0.0 j3A4QLCM027739 Message accepted for delivery
04:10 00:26 SMTP-(aadb00000c4cc72c) rdeliver exhalecosmetics.com [EMAIL PROTECTED] (1) [EMAIL PROTECTED] 1267
04:10 00:26 SMTP-(aadb00000c4cc72c) >QUIT
04:10 00:26 SMTP-(aadb00000c4cc72c) 221 2.0.0 host2.budgethosting.net closing connection
04:10 00:26 SMTP-(aadb00000c4cc72c) [u] closing socket (u)
04:10 00:26 SMTP-(aadb00000c4cc72c) finished C:\IMail\spool\QH483D.tmp status=1

Log 2:
04:11 12:40 SMTPD(a86a0c9800ece5f6) [212.97.172.22] MAIL FROM: <[EMAIL PROTECTED]>
04:11 12:40 SMTPD(a86a0c9800ece5f6) [212.97.172.22] RCPT TO: <[EMAIL PROTECTED]>
04:11 12:40 SMTPD(a86a0c9800ece5f6) [212.97.172.22] C:\IMail\spool\Da86a0c9800ece5f6.SMD 1827
04:11 12:40 SMTPD(a86a0c9800ece5f6) performing antispam checks
04:11 12:40 SMTP-(0000000000000000) Info - Adding Queue file C:\IMail\spool\Qa86a0c9800ece5f6.SMD
04:11 12:40 SMTP-(a86a0c9800ece5f6) processing C:\IMail\spool\Qa86a0c9800ece5f6.SMD
04:11 12:40 SMTP-(a86a0c9800ece5f6) [x] toprog [EMAIL PROTECTED] C:\IMail\spool\tmpFFF1.tmp
04:11 12:40 SMTP-(a86a0c9800ece5f6) finished C:\IMail\spool\Qa86a0c9800ece5f6.SMD status=1
04:11 12:40 1912 LST imailsrv->[EMAIL PROTECTED] Illegal IMail List Server Command!
04:11 12:40 SMTP-(0000000000000000) Info - Adding Queue file C:\IMail\spool\QHFFF2.tmp
04:11 12:40 SMTP-(a87300000c4c5db0) processing C:\IMail\spool\QHFFF2.tmp
04:11 12:40 SMTP-(a87300000c4c5db0) [x] looking up latinmail.com in HOSTS and MX
04:11 12:40 SMTP-(a87300000c4c5db0) Info - DNS Cache full, deleting last item (kminappraisals.com)
04:11 12:40 SMTP-(a87300000c4c5db0) Info - Adding latinmail.com to DNS cache - TTL = 3599
04:11 12:40 SMTP-(a87300000c4c5db0) Trying latinmail.com (0)
04:11 12:40 SMTP-(a87300000c4c5db0) [x] Connecting socket to service <SMTP> on host <latinmail.com> using protocol <tcp>
04:11 12:40 SMTP-(a87300000c4c5db0) [x] using source IP for domain.com [x.x.x.x]
04:11 12:40 SMTP-(a87300000c4c5db0) Info - Found latinmail.com in DNS Cache
04:11 12:40 SMTP-(a87300000c4c5db0) Connect latinmail.com [62.37.236.140:25] (1)
04:11 12:40 SMTP-(a87300000c4c5db0) 220 mx1.latinmail.com 18101 ltmta01 ESMTP
04:11 12:40 SMTP-(a87300000c4c5db0) >EHLO domain.com
04:11 12:40 SMTP-(a87300000c4c5db0) 502
04:11 12:40 SMTP-(a87300000c4c5db0) >HELO domain.com
04:11 12:40 SMTP-(a87300000c4c5db0) 250 mx1.latinmail.com
04:11 12:40 SMTP-(a87300000c4c5db0) >MAIL FROM:<[EMAIL PROTECTED]>
04:11 12:40 SMTP-(a87300000c4c5db0) 250 Ok
04:11 12:40 SMTP-(a87300000c4c5db0) >RCPT To:<[EMAIL PROTECTED]>
04:11 12:40 SMTP-(a87300000c4c5db0) 550 <[EMAIL PROTECTED]>: Destinatario desconocido o mailbox lleno
04:11 12:40 SMTP-(a87300000c4c5db0) >QUIT
04:11 12:40 SMTP-(a87300000c4c5db0) 221 Bye
04:11 12:40 SMTP-(a87300000c4c5db0) [u] closing socket (u)
04:11 12:40 SMTP-(a87300000c4c5db0) Creating message from Postmaster
04:11 12:40 SMTP-(a87300000c4c5db0) ERR alias loop in [EMAIL PROTECTED]
04:11 12:40 SMTP-(a87300000c4c5db0) finished C:\IMail\spool\QHFFF2.tmp status=2

I know that the imailsrv alias is used for the IMail List-Server. I do have a moderated mailing list set up, but that is not being affected. From the logs, it looks like my imailsrv alias is being used as an open SMTP relay.
I have my SMTP service set to no open-relay. I'm at a loss... Any suggestions?

Todd R Gardner
_______________________________________
PC Help Desk
Appraisal.com, Inc.
620 Main Street
Buffalo, New York 14202
(716) 332.5950 x282
fax: (716) 332.5951
[EMAIL PROTECTED]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
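
The pattern discussed in this thread (outside hosts mailing the imailsrv alias and the list server rejecting the body) as a log check. This is an added example, not part of the original thread or any Ipswitch tooling. It counts, per connecting IP, the messages addressed to the alias and handed to the list server, so the busiest sources can be reviewed for the Control Access List. The sample log is constructed, and the regexes assume the line layout of the excerpts above with unredacted addresses.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log excerpts above. Session ids,
# addresses and the 192.0.2.x / 198.51.100.x / 203.0.113.x IPs are placeholders.
SAMPLE_LOG = r"""
04:10 00:26 SMTPD(a000000000000001) [192.0.2.10] MAIL From:<sender1@example.net>
04:10 00:26 SMTPD(a000000000000001) [192.0.2.10] RCPT To:<imailsrv@example.com>
04:10 00:26 SMTP-(a000000000000001) [x] toprog imailsrv@example.com C:\IMail\spool\tmp0001.tmp
04:10 00:26 2884 LST imailsrv->sender1@example.net Illegal IMail List Server Command!
04:10 00:31 SMTPD(a000000000000002) [192.0.2.10] RCPT TO: <imailsrv@example.com>
04:10 00:31 SMTP-(a000000000000002) [x] toprog imailsrv@example.com C:\IMail\spool\tmp0002.tmp
04:10 00:31 2884 LST imailsrv->sender2@example.org Illegal IMail List Server Command!
04:10 00:40 SMTPD(a000000000000003) [198.51.100.7] RCPT To:<imailsrv@example.com>
04:10 00:40 SMTP-(a000000000000003) [x] toprog imailsrv@example.com C:\IMail\spool\tmp0003.tmp
04:10 00:40 2884 LST imailsrv->sender3@example.net Illegal IMail List Server Command!
04:10 00:45 SMTPD(a000000000000004) [203.0.113.5] MAIL From:<alice@example.net>
04:10 00:45 SMTPD(a000000000000004) [203.0.113.5] RCPT To:<bob@example.com>
"""

RCPT_RE = re.compile(r"SMTPD\((\w+)\) \[([\d.]+)\] RCPT To:\s*<([^>]*)>", re.I)
TOPROG_RE = re.compile(r"SMTP-\((\w+)\) \[x\] toprog (\S+)")
REJECT_RE = re.compile(r"LST imailsrv->\S+ Illegal IMail List Server Command!")

def analyse(log, alias="imailsrv"):
    """Return (Counter: source IP -> alias messages handed off, rejected command count)."""
    to_alias = {}       # SMTPD session id -> connecting IP (alias recipients only)
    handed_off = set()  # session ids whose message was passed to the list server
    rejected = 0
    for line in log.splitlines():
        if m := RCPT_RE.search(line):
            sid, ip, rcpt = m.groups()
            if rcpt.lower().partition("@")[0] == alias:
                to_alias[sid] = ip
        elif m := TOPROG_RE.search(line):
            if m.group(2).lower().partition("@")[0] == alias:
                handed_off.add(m.group(1))
        elif REJECT_RE.search(line):
            rejected += 1
    per_ip = Counter(ip for sid, ip in to_alias.items() if sid in handed_off)
    return per_ip, rejected

def block_candidates(log, threshold=2):
    """Source IPs with at least `threshold` alias messages, for access-list review."""
    per_ip, _ = analyse(log)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG), block_candidates(SAMPLE_LOG))
```
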
