Re: [qmailtoaster] Got the willys with submission log entries

Wed, 11 Dec 2019 14:02:00 -0800

can you search your logs (send, submission, and mailllog) for someb...@somewhere.net <mailto:someb...@somewhere.net::> 

On 12/11/2019 1:39 PM, Boatner Howell wrote:


[root@NewMail ~]# rpm -qa |grep qmail

qmail-1.03-2.2.1.qt.el7.x86_64

[root@NewMail ~]# cat /var/qmail/supervise/submission/run

#!/bin/sh

QMAILDUID=`id -u vpopmail`

NOFILESGID=`id -g vpopmail`

MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

SMTPD="/var/qmail/bin/qmail-smtpd"

TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"

HOSTNAME=`hostname`

VCHKPW="/home/vpopmail/bin/vchkpw"

export REQUIRE_AUTH=1

exec /usr/bin/softlimit -m 128000000 \

    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \

    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \

    $SMTPD $VCHKPW /bin/true 2>&1

[root@NewMail ~]#

Thanks.


Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for 
Windows 10


*From: *Eric Broch <mailto:ebr...@whitehorsetc.com>
*Sent: *Wednesday, December 11, 2019 8:07 AM

*To: *qmailtoaster-list@qmailtoaster.com 
<mailto:qmailtoaster-list@qmailtoaster.com>

*Subject: *Re: [qmailtoaster] Got the willys with submission log entries

What version of qmail?

# rpm -qa | grep qmail

what's in your run file

# cat /var/qmail/supervise/submission/run


On 12/10/2019 12:24 PM, bhow...@teamft.com <mailto:bhow...@teamft.com> 
wrote:


    I have checked out authentication with my submission port 587 and
    I must authenticate before sending. However, I have entries in the
    log from a “bad guy IP address” which say “sender accepted” and
    its giving me heartburn.

    2019-12-10 02:43:04.376530500 CHKUSER accepted sender: from
    <someb...@somewhere.net::> <mailto:someb...@somewhere.net::>
    remote <4vFoWf3:unknown:64.225.41.10> rcpt <> : sender accepted

    2019-12-10 03:04:09.269688500 CHKUSER accepted sender: from
    <anotherb...@somewhere.net::> <mailto:anotherb...@somewhere.net::>
    remote <3aJfz4D7:unknown:64.225.41.10> rcpt <> : sender accepted

    (Note: the IP 64.255.41.10 is the real IP of the bad guy)

    There are no corresponding lines which say, “client allowed to relay”

    Note after the from address, there are two colons:
    <someb...@irtc.net::> <mailto:someb...@irtc.net::> . On all
    legitimate entries, there are no such double colons.

    How did this guy get that entry into my submission logs without
    authenticating?  Is this something I need to worry about?

    Any input would be really appreciated

    Boatner Howell

    Foundaton Technologies, LLC



Spam 
<https://emailfilteringservice.net/canit/b.php?c=s&i=011AC7itI&m=0a98ca35ff8f&rlm=teamft-com&t=20191211>
Phish/Fraud 
<https://emailfilteringservice.net/canit/b.php?c=p&i=011AC7itI&m=0a98ca35ff8f&rlm=teamft-com&t=20191211>
Not spam 
<https://emailfilteringservice.net/canit/b.php?c=n&i=011AC7itI&m=0a98ca35ff8f&rlm=teamft-com&t=20191211>
Forget previous vote 
<https://emailfilteringservice.net/canit/b.php?c=f&i=011AC7itI&m=0a98ca35ff8f&rlm=teamft-com&t=20191211>



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com






















					Reply via email to