Hi Ken,

In the logs named dnsserver-yyyy-mm-dd-hh-mm.log there are failed lookups of
domain names listed: lots and lots and lots of them, for email addresses I've
never sent mail to - heck, for ccTLDs I've never sent mail to.

Don't worry about them. There is a setting in James which looks up the
domain mentioned in the from address. Therefore just because a domain
is mentioned in this log file it doesn't mean James was attempting to
send an email to it.

In the logs named maillet-yyyy-mm-dd-hh-mm.log there are entries like the following:

28/02/08 00:05:18 INFO James.Mailet: RemoteDelivery: Temporary exception delivering mail (Mail1204048516460-8525-!297813-to-example.com:

This just means the destination mail server was refusing to accept any
email... probably because they use a technique called greylisting where
they automatically reject email from somewhere they haven't dealt with
before. If your server is a proper server and not a spam bot it will
attempt to deliver the email again and this time if enough time has
passed it will be let through.

28/02/08 00:05:18 INFO James.Mailet: RemoteDelivery: Storing message Mail1204048516460-8525-!297813-to-example.com into outgoing after 9 retries

This just means James has tried 9 times to deliver this email to the
recipient's mail server and is storing it for another go later.
Eventually James will give up and possibly send you a bounce message.

Again for domains I've never sent mail to. I don't run any mailing lists or do
any spamming myself.
This isn't just spooling mail, this is actually trying to deliver it, right?

Unfortunately, yes. It looks like James is trying to send spam.

If the laptop or PC you use to compose emails has been compromised with
a virus it could be responsible for sending the spam via your James
server. After all, your PC knows how to authenticate itself.

Next on the list of suspects could be a process running on your server
and sending spam locally via James. This is possible if you have set up
James to not require authentication from messages originating from the
localhost IP address (127.0.0.1). Perhaps you have a web app on your
server which allows messages to be sent and this has been compromised?

Check your config file and see if the <authorizedAddresses> tag is set
to 127.0.0.0/8 under the smtpserver > handler section. Like so...

    <smtpserver enabled="true">
      <port>25</port>
      <handler>
        ...
        <authRequired>true</authRequired>
        <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
      </handler>
    </smtpserver>

This setting requires authorization except for anything originating from
127.0.0.1.

Regards,
David Legg
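
The config check described in the message above (authRequired and authorizedAddresses under smtpserver > handler), written as a script; this is an added example, not part of the original message or of James. The sample config is constructed, `audit_smtp_auth` is a hypothetical name, and treating the address list as comma-separated CIDR entries is an assumption (anything else is flagged for manual review).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the fragment quoted in the message.
SAMPLE_CONFIG = """
<config>
  <smtpserver enabled="true">
    <port>25</port>
    <handler>
      <authRequired>true</authRequired>
      <authorizedAddresses>127.0.0.0/8, 192.168.0.0/16</authorizedAddresses>
    </handler>
  </smtpserver>
</config>
"""

def audit_smtp_auth(config_xml):
    """Return findings about which senders can use SMTP without authenticating."""
    findings = []
    root = ET.fromstring(config_xml)
    for server in root.iter("smtpserver"):
        if server.get("enabled", "true").lower() != "true":
            continue  # disabled listeners cannot be abused
        port = (server.findtext("port") or "?").strip()
        for handler in server.iter("handler"):
            required = (handler.findtext("authRequired") or "").strip().lower()
            if required != "true":
                findings.append(f"port {port}: authRequired is not 'true'")
            raw = handler.findtext("authorizedAddresses") or ""
            # Assumption: entries are comma-separated.
            for entry in filter(None, (e.strip() for e in raw.split(","))):
                try:
                    net = ipaddress.ip_network(entry, strict=False)
                except ValueError:
                    # Wildcards or hostnames: not parsed here, check manually.
                    findings.append(f"port {port}: review '{entry}' by hand")
                    continue
                if net.is_loopback:
                    findings.append(f"port {port}: local processes on {net} skip auth")
                else:
                    findings.append(f"port {port}: remote network {net} skips auth")
    return findings

if __name__ == "__main__":
    for line in audit_smtp_auth(SAMPLE_CONFIG):
        print(line)
```

A loopback finding is the case raised in the message: any web app or other process on the server itself can hand mail to James without credentials.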