I need a little help deciphering what's going on here.
CHKUSER
accepted sender: from [EMAIL PROTECTED]::
remote
DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt
: sender accepted
I'm getting a ton of these in my log
files but the user CHKUSER is reporting is not sending them. I tried
Thanks for the reply.
So, some one is just putting the mail
from:legit_user.. in their email, there isn't much I can do about that is
there? What I'm trying to get at is this is not an intrusion is it?
Thanks
Doug
[EMAIL PROTECTED] ha scritto:
I need a little help deciphering what's going on
[EMAIL PROTECTED] ha scritto:
I need a little help deciphering what's going on here.
CHKUSER accepted sender: from [EMAIL PROTECTED]::
remote
DG93MCB1:unknown:IP_Address_of_allowed_relay rcpt : sender accepted
I'm getting a ton of these in my log files but the user CHKUSER is
reporting is
I have a chkuser question as well. I'm getting the following message
related to some legitimate mail which my server needs to pass thru:
@400047817ef31d2e7f44 CHKUSER rejected sender: from
[EMAIL PROTECTED]:: remote
k2smtpout04-01.prod.mesa1.secureserver.net:unknown:64.202.189.166 rcpt
:
One of the checks enabled by default in CHKUSER tries to reject fake
senders, so if the domain declared in the address does not have an MX
entry it is obvious the sender is fake (100%).
Are your users conscious they are using an address which does have not a
DNS MX entry?
Please check the respective machine for any malware. If the smtp
authentication password is saved which in most cases is than a worm or
virus can collect the saved password and send spam using your server as
authorized relay.
That was my assumption when i first saw that you specified
