[toaster] CHKUSER
I need a little help deciphering what's going on here.

CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted

I'm getting a ton of these in my log files but the user CHKUSER is reporting is not sending them. I tried commenting them out of my tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the same log.

Any help would be greatly appreciated.

Thanks
Doug
Re: [toaster] CHKUSER
Thanks for the reply. So, someone is just putting the mail from:legit_user.. in their email, there isn't much I can do about that is there? What I'm trying to get at is this is not an intrusion is it?

Thanks
Doug

> [EMAIL PROTECTED] wrote:
> > I need a little help deciphering what's going on here.
> >
> > CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted
> >
> > I'm getting a ton of these in my log files but the user CHKUSER is reporting is not sending them. I tried commenting them out of my tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the same log.
>
> The reported from user (in this case [EMAIL PROTECTED]) is simply the one declared at SMTP session with mail from:.
>
> Tonino
>
> > Any help would be greatly appreciated.
> >
> > Thanks
> > Doug
>
> --
> [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] CHKUSER
[EMAIL PROTECTED] wrote:
> I need a little help deciphering what's going on here.
>
> CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted
>
> I'm getting a ton of these in my log files but the user CHKUSER is reporting is not sending them. I tried commenting them out of my tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the same log.

The reported from user (in this case [EMAIL PROTECTED]) is simply the one declared at SMTP session with mail from:.

Tonino

> Any help would be greatly appreciated.
>
> Thanks
> Doug

--
[EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
RE: [toaster] CHKUSER
I have a chkuser question as well. I'm getting the following message related to some legitimate mail which my server needs to pass thru:

@400047817ef31d2e7f44 CHKUSER rejected sender: from [EMAIL PROTECTED]:: remote k2smtpout04-01.prod.mesa1.secureserver.net:unknown:64.202.189.166 rcpt : invalid sender MX domain

People at the subject domain seem unwilling - or unable - to make the DNS entry necessary to fix the problem. Regardless, if there's a way to whitelist a known/permitted domain, I suppose it wouldn't hurt to save on DNS overhead. I've tried simply putting an entry in my server's hosts file... I thought that would work but seem to be finding that the hosts file doesn't behave in the manner I thought it did. Bottom line, I still can't make the domain resolve/chkuser pass the mail.

Any suggestions? Preferably one that doesn't require recompiling. I'm squeamish about doing that on a production server :)

Thank-you in advance,
Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 10, 2008 6:15 AM
To: toaster@shupp.org
Subject: [toaster] CHKUSER

I need a little help deciphering what's going on here.

CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted

I'm getting a ton of these in my log files but the user CHKUSER is reporting is not sending them. I tried commenting them out of my tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the same log.

Any help would be greatly appreciated.

Thanks
Doug
Re: [toaster] CHKUSER
One of the checks enabled by default in CHKUSER tries to reject fake senders, so if the domain declared in the address does not have an MX entry it is obvious the sender is fake (100%).

Are your users conscious they are using an address which does not have a DNS MX entry? sample.secureserver.net does not have an MX, so when checking for a legal sender, this address is rejected.

Tell your users to use a not_existing user in an existing_MX_domain. So probably [EMAIL PROTECTED] (or [EMAIL PROTECTED]) where the domain does exist but the mailbox does not seems to be more safe.

You can also exclude the check, but I suggest not to do so (also because most of the receiving servers will make the same check).

Tonino

Bill D'Anjou wrote:
> I have a chkuser question as well. I'm getting the following message related to some legitimate mail which my server needs to pass thru:
>
> @400047817ef31d2e7f44 CHKUSER rejected sender: from [EMAIL PROTECTED]:: remote k2smtpout04-01.prod.mesa1.secureserver.net:unknown:64.202.189.166 rcpt : invalid sender MX domain
>
> People at the subject domain seem unwilling - or unable - to make the DNS entry necessary to fix the problem. Regardless, if there's a way to whitelist a known/permitted domain, I suppose it wouldn't hurt to save on DNS overhead. I've tried simply putting an entry in my server's hosts file... I thought that would work but seem to be finding that the hosts file doesn't behave in the manner I thought it did. Bottom line, I still can't make the domain resolve/chkuser pass the mail.
>
> Any suggestions? Preferably one that doesn't require recompiling. I'm squeamish about doing that on a production server :)
>
> Thank-you in advance,
> Bill
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 10, 2008 6:15 AM
> To: toaster@shupp.org
> Subject: [toaster] CHKUSER
>
> I need a little help deciphering what's going on here.
>
> CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted
>
> I'm getting a ton of these in my log files but the user CHKUSER is reporting is not sending them. I tried commenting them out of my tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the same log.
>
> Any help would be greatly appreciated.
>
> Thanks
> Doug

--
[EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] CHKUSER
Please check the respective machine for any malware. If the SMTP authentication password is saved, which in most cases it is, then a worm or virus can collect the saved password and send spam using your server as an authorized relay. That was my assumption when I first saw that you specified IP_address_of_allowed_relay. If the respective address is a private address, then the assumption becomes certainty.

> Sorry to be a pest but, the IP address of origin is the correct address of an allowed relay.
>
> CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_address_of_allowed_relay rcpt : sender accepted
>
> I hate to say it but if the user was stating mail from:legit_user but the reported IP is from IP_address_of_allowed_relay isn't the email coming from either the allowed relay or someone spoofing the allowed relay?
>
> Thanks
> Doug
>
> > [EMAIL PROTECTED] wrote:
> > > I need a little help deciphering what's going on here.
> > >
> > > CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted
> > >
> > > I'm getting a ton of these in my log files but the user CHKUSER is reporting is not sending them. I tried commenting them out of my tcp.smtp file and resetting the tcp.smtp.cdb but I'm still getting the same log.
> >
> > The reported from user (in this case [EMAIL PROTECTED]) is simply the one declared at SMTP session with mail from:.
> >
> > Tonino
> >
> > > Any help would be greatly appreciated.
> > >
> > > Thanks
> > > Doug
> >
> > --
> > [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
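
Added example, not part of the thread and not chkuser's own code: a Python triage script that groups `CHKUSER accepted sender` lines by remote IP, to show which relay client is declaring a given MAIL FROM and therefore which machine to inspect. The field layout (`sender:remoteinfo:relayclient`, `helo:hostname:ip`), the optional angle brackets and the function names are assumptions drawn from the lines quoted above; the sample log is constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed chkuser line layout. Angle brackets are optional because the
# lines quoted in this thread appear with them stripped.
LINE = re.compile(
    r"CHKUSER (?P<verdict>accepted|rejected) (?P<stage>\w+): "
    r"from <?(?P<sender>[^:>\s]*):(?P<ident>[^:>\s]*):(?P<relay>[^:>\s]*)>? "
    r"remote <?(?P<helo>[^:>\s]*):(?P<rhost>[^:>\s]*):(?P<ip>[^>\s]*)>? "
    r"rcpt <?(?P<rcpt>[^>\s]*)>? ?: (?P<reason>.+)$"
)

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE = """\
@4000000047860a0a0a0a0a0a CHKUSER accepted sender: from <alice@example.com::> remote <DESKTOP1:unknown:192.0.2.10> rcpt <> : sender accepted
@4000000047860a0b0a0a0a0a CHKUSER accepted sender: from <alice@example.com::> remote <DESKTOP1:unknown:192.0.2.10> rcpt <> : sender accepted
@4000000047860a0c0a0a0a0a CHKUSER accepted sender: from alice@example.com:: remote DESKTOP1:unknown:192.0.2.10 rcpt : sender accepted
@4000000047860a0d0a0a0a0a CHKUSER accepted sender: from <bob@example.com::> remote <LAPTOP2:unknown:192.0.2.20> rcpt <> : sender accepted
@4000000047860a0e0a0a0a0a CHKUSER rejected sender: from <carol@nomx.example::> remote <mail.example.net:unknown:198.51.100.7> rcpt <> : invalid sender MX domain
@4000000047860a0f0a0a0a0a tcpserver: status: 1/100
"""

def parse(line):
    """Return the fields of one chkuser log line, or None if it is not one."""
    m = LINE.search(line)
    return m.groupdict() if m else None

def submitters(log_text, stage="sender", verdict="accepted"):
    """Map each remote IP to a Counter of the MAIL FROM values it declared."""
    by_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["stage"] == stage and rec["verdict"] == verdict:
            by_ip[rec["ip"]][rec["sender"]] += 1
    return by_ip

def hosts_claiming(log_text, sender):
    """Remote IPs, with message counts, that declared `sender` in MAIL FROM."""
    return {ip: c[sender] for ip, c in submitters(log_text).items() if sender in c}

if __name__ == "__main__":
    for ip, senders in submitters(SAMPLE).items():
        print(ip, dict(senders))
```

The sender field is whatever the client declared in MAIL FROM, so the remote IP and HELO name are the fields that identify the submitting machine.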