Can you send through one of the messages including all headers? Who are the messages being sent to? Who are they received from? You can look in the james-home/apps/james/var/mail/outgoing folder and see the queued mails in the *.FileStreamStore files.
Daniel.

> -----Original Message-----
> From: Colin W. Kingsbury [mailto:[EMAIL PROTECTED]
> Sent: 14 March 2005 14:27
> To: James Users List
> Subject: Re: Urgent: Spam Backdoor in James?
>
> Hello again, here's some more information:
>
> I have attached some relevant sections from the config.xml. Once again, the
> mail does not appear to be being relayed (I can see us junking relay-attempt
> mails no problem) but it actually appears to be (or is forged to have the
> appearance of) coming from the local host. If you read the headers, it has
> our address (often many times, as if in a mail loop).
>
> When we restarted the system last night with Sendmail, and left it running
> for 30 minutes or so, the spam attempts did not appear again. Upon
> restarting James, it took no more than 30 minutes for the flood to resume,
> and likely much less. My reasoning is that if it was a bot looking only for
> SMTP, it would have happily used Sendmail. This is why I am suspicious about
> James, but of course I could be wrong. As for the mails that came when we
> started James in pop-only mode, I think the outgoing queue may have still
> had mail in it; is it possible that in that case James will continue to send
> the mail that's there?
>
> Below are some config snippets:
>
> <mailet match="All" class="RemoteDelivery">
>   <outgoing> file://var/mail/outgoing/ </outgoing>
>   <outgoing> db://maildb/spool/outgoing </outgoing>
>   <!-- Delivery Schedule based upon RFC 2821, 4.5.4.1 -->
>   <!-- 5 day retry period, with 4 attempts in the first
>        hour, two more within the first 6 hours, and then
>        every 6 hours for the rest of the period.-->
>   <!--<delayTime> 5 minutes </delayTime>
>   <delayTime> 10 minutes </delayTime>
>   <delayTime> 45 minutes </delayTime>
>   <delayTime> 2 hours </delayTime>
>   <delayTime> 3 hours </delayTime>
>   <delayTime> 6 hours </delayTime>-->
>   <maxRetries> 10 </maxRetries>
>   <!-- The number of threads that should be trying to deliver outgoing
>        messages -->
>   <deliveryThreads> 1 </deliveryThreads>
>   <sendpartial>true</sendpartial>
>   <!-- The gateway element specifies the gateway SMTP server name. -->
>   <gateway>xxx.xxx.xxx.234</gateway>
>   <gatewayPort>25</gatewayPort>
> </mailet>
>
>
> <pop3server enabled="true">
>   <port>110</port>
>   <handler>
>     <helloName autodetect="true">xxx.xxx.xxx.234</helloName>
>     <connectiontimeout>120000</connectiontimeout>
>   </handler>
> </pop3server>
>
> <smtpserver enabled="true">
>   <!-- port 25 is the well-known/IANA registered port for SMTP -->
>   <port>25</port>
>   <!-- Uncomment this if you want to use TLS (SSL) on this port -->
>   <!--
>   <useTLS>true</useTLS>
>   -->
>   <handler>
>     <helloName autodetect="true">mail.xxx.com</helloName>
>     <connectiontimeout>360000</connectiontimeout>
>     <!-- Uncomment this if you want to require SMTP authentication.
>     -->
>     <!--
>     <authRequired>true</authRequired>
>     -->
>     <authorizedAddresses>xxx.xxx.xxx.234/29</authorizedAddresses>-->
>     <!--
>     <verifyIdentity>true</verifyIdentity>
>     -->
>   </handler>
> </smtpserver>
>
> -030-
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
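
One way to answer the "sent to / received from" questions across the whole queue, as an added example that is not part of the original thread or of James itself: it summarizes each *.FileStreamStore file by its headers. It assumes each file holds the raw RFC 822 message; the regex, function names and sample messages are constructed for illustration.

```python
import email
import re
import tempfile
from collections import Counter
from pathlib import Path

# Matches "from <helo-name> ([<ip>])" inside a Received header (assumed layout).
HANDOFF = re.compile(r"from\s+(\S+)\s+\(\[?([0-9A-Fa-f.:]+)\]?\)")

# Constructed sample queue files (documentation addresses, not real traffic).
SAMPLES = {
    "a.Repository.FileStreamStore": (
        b"Received: from pc1 ([192.0.2.10]) by mail.example.com with SMTP\r\n"
        b"From: alice@example.com\r\nTo: bob@example.net\r\n\r\nhello\r\n"),
    "b.Repository.FileStreamStore": (
        b"Received: from localhost ([127.0.0.1]) by mail.example.com with SMTP\r\n"
        b"Received: from localhost ([127.0.0.1]) by mail.example.com with SMTP\r\n"
        b"Received: from unknown ([198.51.100.7]) by mail.example.com with SMTP\r\n"
        b"From: x@example.org\r\nTo: y@example.org\r\n\r\nbuy now\r\n"),
}

def summarize_queue(folder):
    """Return (rows, source_counts) for every *.FileStreamStore in folder."""
    rows, sources = [], Counter()
    for path in sorted(Path(folder).glob("*.FileStreamStore")):
        with open(path, "rb") as fh:
            msg = email.message_from_binary_file(fh)
        received = msg.get_all("Received", [])
        # The top Received header was prepended by the last server to accept
        # the message; headers below it were supplied by the sender and can be forged.
        m = HANDOFF.search(received[0]) if received else None
        source = m.group(2) if m else "unknown"
        sources[source] += 1
        rows.append({"file": path.name, "from": msg["From"], "to": msg["To"],
                     "source": source, "hops": len(received)})
    return rows, sources

def demo():
    """Write the constructed samples to a temp folder and summarize them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, raw in SAMPLES.items():
            Path(tmp, name).write_bytes(raw)
        return summarize_queue(tmp)

if __name__ == "__main__":
    rows, sources = demo()
    for row in rows:
        print(row)
    print(sources.most_common())
```

A high hop count with the server's own address repeated matches the mail-loop appearance described in the quoted message, and the per-source tally shows whether queued mail was handed over locally or from outside.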
