Re: [qmailtoaster] Got the willys with submission log entries

[Eric Broch]

Please check your inbox for my response. This was actually a response to 
a break in the thread subject.

On 12/11/2019 1:36 PM, Boatner Howell wrote:

Re: What log? ….

/var/log/qmail/submission/current

This is qmail’s log for port 587.

Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for 
Windows 10

*From: *Tahnan Al Anas <mailto:tah...@gmail.com>
*Sent: *Wednesday, December 11, 2019 9:14 AM
*To: *qmailtoaster-list@qmailtoaster.com 
<mailto:qmailtoaster-list@qmailtoaster.com>
*Subject: *Re: [qmailtoaster] Got the willys with submission log entries

That I see in qmail send log

On Wed, 11 Dec 2019, 8:06 pm Eric Broch, <ebr...@whitehorsetc.com 
<mailto:ebr...@whitehorsetc.com>> wrote:

    What log?

    On 12/11/2019 1:26 AM, Tahnan Al Anas wrote:

        Hi Eric,

        Can you tell me why I am seeing all outgoing getting out with
        below log?

         success:
        User_and_password_not_set,_continuing_without_authentication./

        --

        --

        Best Regards

        Muhammad Tahnan Al Anas

        On Wed, Dec 11, 2019 at 1:25 AM <bhow...@teamft.com
        <mailto:bhow...@teamft.com>> wrote:

            I have checked out authentication with my submission port
            587 and I must authenticate before sending. However, I
            have entries in the log from a “bad guy IP address” which
            say “sender accepted” and its giving me heartburn.

            2019-12-10 02:43:04.376530500 CHKUSER accepted sender:
            from <someb...@somewhere.net::>
            <mailto:someb...@somewhere.net::> remote
            <4vFoWf3:unknown:64.225.41.10> rcpt <> : sender accepted

            2019-12-10 03:04:09.269688500 CHKUSER accepted sender:
            from <anotherb...@somewhere.net::>
            <mailto:anotherb...@somewhere.net::> remote
            <3aJfz4D7:unknown:64.225.41.10> rcpt <> : sender accepted

            (Note: the IP 64.255.41.10 is the real IP of the bad guy)

            There are no corresponding lines which say, “client
            allowed to relay”

            Note after the from address, there are two colons:
            <someb...@irtc.net::> <mailto:someb...@irtc.net::> . On
            all legitimate entries, there are no such double colons.

            How did this guy get that entry into my submission logs
            without authenticating?  Is this something I need to worry
            about?

            Any input would be really appreciated

            Boatner Howell

            Foundaton Technologies, LLC


Spam 
<https://emailfilteringservice.net/canit/b.php?c=s&i=011ADeDdx&m=53e8855b24fe&rlm=teamft-com&t=20191211>
Phish/Fraud 
<https://emailfilteringservice.net/canit/b.php?c=p&i=011ADeDdx&m=53e8855b24fe&rlm=teamft-com&t=20191211>
Not spam 
<https://emailfilteringservice.net/canit/b.php?c=n&i=011ADeDdx&m=53e8855b24fe&rlm=teamft-com&t=20191211>
Forget previous vote 
<https://emailfilteringservice.net/canit/b.php?c=f&i=011ADeDdx&m=53e8855b24fe&rlm=teamft-com&t=20191211>


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com