hi everyone,
recently while I was monitoring some mail deliveries I saw this thing
happening:
using tai64nlocal for local time
smtp/current:
2007-08-10 16:36:17.860683500 CHKUSER accepted sender: from
<[EMAIL PROTECTED]::> remote
<235-194-218-83.globnet.md:unknown:83.218.194.235> rcpt <> : sender accepted
2007-08-10 16:36:21.306076500 CHKUSER accepted rcpt: from
<[EMAIL PROTECTED]::> remote
<235-194-218-83.globnet.md:unknown:83.218.194.235> rcpt
<[EMAIL PROTECTED]> : found existing recipient
2007-08-10 16:36:24.125363500 simscan:[25035]:CLEAN
(7.90/9.00):2.6938s:***SPAM***
GlobalTrading-dorel:83.218.194.235:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
2007-08-10 16:36:24.782902500 tcpserver: end 25035 status 0
2007-08-10 16:36:24.782984500 tcpserver: status: 0/100
send/current:
2007-08-10 16:36:24.383907500 new msg 836212
2007-08-10 16:36:24.383916500 info msg 836212: bytes 14648 from
<[EMAIL PROTECTED]> qp 25124 uid 89
2007-08-10 16:36:24.400349500 starting delivery 25: msg 836212 to local
[EMAIL PROTECTED]
2007-08-10 16:36:24.400487500 status: local 1/10 remote 0/60
2007-08-10 16:36:24.454209500 delivery 25: success: did_0+0+1/
2007-08-10 16:36:24.454217500 status: local 0/10 remote 0/60
2007-08-10 16:36:24.454221500 end msg 836212
the user dorel does not exist, also I've done a grep in domain
createc.ro for GlobalTrading and I couldn't fine anything related to
user dorel. I also verified the vpopmail database.
should I monitor the server for open relays ?
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]