Also, is there a user on your system <>?

On 12/11/2019 3:00 PM, Eric Broch wrote:

can you search your logs (send, submission, and mailllog) for <>

On 12/11/2019 1:39 PM, Boatner Howell wrote:

[root@NewMail ~]# rpm -qa |grep qmail


[root@NewMail ~]# cat /var/qmail/supervise/submission/run


QMAILDUID=`id -u vpopmail`

NOFILESGID=`id -g vpopmail`

MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`






exec /usr/bin/softlimit -m 128000000 \

    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \

    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \

    $SMTPD $VCHKPW /bin/true 2>&1

[root@NewMail ~]#


Sent from Mail <> for Windows 10

*From: *Eric Broch <>
*Sent: *Wednesday, December 11, 2019 8:07 AM
*To: * <>
*Subject: *Re: [qmailtoaster] Got the willys with submission log entries

What version of qmail?

# rpm -qa | grep qmail

what's in your run file

# cat /var/qmail/supervise/submission/run

On 12/10/2019 12:24 PM, <> wrote:

    I have checked out authentication with my submission port 587 and
    I must authenticate before sending. However, I have entries in
    the log from a “bad guy IP address” which say “sender accepted”
    and its giving me heartburn.

    2019-12-10 02:43:04.376530500 CHKUSER accepted sender: from
    <> <>
    remote <4vFoWf3:unknown:> rcpt <> : sender accepted

    2019-12-10 03:04:09.269688500 CHKUSER accepted sender: from
    <> remote
    <3aJfz4D7:unknown:> rcpt <> : sender accepted

    (Note: the IP is the real IP of the bad guy)

    There are no corresponding lines which say, “client allowed to relay”

    Note after the from address, there are two colons:
    <> <> . On all
    legitimate entries, there are no such double colons.

    How did this guy get that entry into my submission logs without
    authenticating?  Is this something I need to worry about?

    Any input would be really appreciated

    Boatner Howell

    Foundaton Technologies, LLC

Spam <> Phish/Fraud <> Not spam <> Forget previous vote <>

To unsubscribe,
For additional commands,

Reply via email to