Looked up the ip, ran a port scan. It appears to be the mail server for
marketingmad.net, which turns out to be a site that provides services to
realtors. Of course, it's a windoze box, so it could be compromised, but
it looks more like a misconfiguration on their end, or a realtor trying
to figure out how to use their mailing list.
You could always try the normal open relay tests out there. I installed
one of the scripts i found here: http://www.southcomputers.com/relaytest.php
It takes a minute or two to run, so be patient with it. No idea how
good or accurate it is, did not write it:-)
Is it always coming from the same ip address? Maybe block them with
your firweall, or iptables?
slamp slamp wrote:
I am flooded with these messages. does it mean my server is open for
relay? should i be worried?
tcpserver: ok 32516 mail.mydomain.com:192
<http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32413
user invalid "null"
tcpserver: ok 32518 mail.mydomain.com:192
<http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32414
user invalid "null"
user invalid "null"
tcpserver: ok 32521 mail.mydomain.com:192
<http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32415
tcpserver: ok 32522 mail.mydomain.com:192
<http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32416
tcpserver: ok 32524 mail.mydomain.com:192
<http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32417
user invalid "null"
user invalid "null"
user invalid "null"
tcpserver: ok 32527 mail.mydomain.com:192
<http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32418
user invalid "null"
user invalid "null"
user invalid "null"
user invalid "null"
user invalid "null"
user invalid "null"
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
vchkpw-smtp: invalid user/domain characters "null":75.5.19.70
<http://75.5.19.70>
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]