Bharath, Thank you for the reply!
This is a stand alone mail server. The only website on it is the web mail interface which is based upon RoundCube. I wouldn't think RoundCube would have a hole in it like that - at least I can't find a hole like that. That is why it would be helpful to know what IP is generating this message. I was hoping there was some mechanism that might facilitate that. I did a search through the logs with qmlog and the only log file that had the [email protected] was the send/current log. Alternatively, is there a way to follow a message all the way through the logs: smtp, pop3, spamd, send, etc? If I could do that I might have a chance to grab the IP and slueth it from there. Thanks, Denny >________________________________ > From: Bharath Chari <[email protected]> >To: [email protected] >Sent: Friday, February 1, 2013 11:18 PM >Subject: Re: [qmailtoaster] Qmail Send Log Issue > >Mr Denny Jones <[email protected]> wrote: > >>Hello, >> >>I've had a long standing issue I've not been able to find an answer to. >> >>Given the following lines in my /var/log/qmail/send/current file: >> >> >>2013-02-01 22:35:43.722132500 new msg 48367517 >>2013-02-01 22:35:43.722134500 info msg 48367517: bytes 1683 from >><[email protected]> qp 31991 uid 0 >>2013-02-01 22:35:43.726047500 starting delivery 198: msg 48367517 to >>remote [email protected] >>2013-02-01 22:35:43.769474500 delivery 198: failure: >>Sorry,_I_couldn't_find_any_host_named_localhost.localdomain._(#5.1.2)/ >>2013-02-01 22:35:43.774195500 bounce msg 48367517 qp 32416 >>2013-02-01 22:35:43.774197500 end msg 48367517 >>2013-02-01 22:35:43.774383500 new msg 48367763 >>2013-02-01 22:35:43.774385500 info msg 48367763: bytes 2282 from <> qp >>32416 uid 7796 >>2013-02-01 22:35:43.777942500 starting delivery 199: msg 48367763 to >>remote [email protected] >>2013-02-01 22:35:43.823420500 delivery 199: failure: >>Sorry,_I_couldn't_find_any_host_named_localhost.localdomain._(#5.1.2)/ >>2013-02-01 22:35:43.827341500 bounce msg 48367763 qp 32418 >>2013-02-01 22:35:43.827342500 end msg 48367763 >>2013-02-01 22:35:43.827530500 new msg 48367529 >>2013-02-01 22:35:43.827532500 info msg 48367529: bytes 2767 from <#@[]> >>qp 32418 uid 7796 >>2013-02-01 22:35:43.831085500 starting delivery 200: msg 48367529 to >>local lhtek.com-@@lhtek.com >>2013-02-01 22:35:43.852956500 delivery 200: failure: >>invalid_username/[email protected]/ >>2013-02-01 22:35:43.852960500 triple bounce: discarding bounce/48367529 >>2013-02-01 22:35:43.852961500 end msg 48367529 >> >> >>How do I find out the origin IP of [email protected]? Who >>is sending that message? >> >> >>Also, I assume the #@[] is a double bounce? >> >>Thanks, >>Denny > >I may be off the mark here, but is there a possibility that you have a web >page hosted on the same server that has some kind of mail/contact form? In >which case the originating address would be localhost. > >I've seen things like this as a result of insecure web forms. > >Bharath > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [email protected] >For additional commands, e-mail: [email protected] > > > >
