Today I noticed the following entries in my SIMS log. SIMS is actually only an outgoing server, and it has some router entries which point to other addresses when mail is sent to this domain. The only local addresses are "Postmaster", as well as "Macjordomo", "cfcnews", "cfcnews-on" and "cfcnews-off".
Relay for clients only is checked. For 1 minute, authenticated IPs are treated as client ones. Nothing blacklisted, No blacklist DNS server. RBL server list is empty. Client hosts are 172.16.0.2-172.16.255.255. All mails are sent via my provider's smtp server (mail.solnet.ch). SIMS Version is 1.8b9d14.
07:46:24 2 SMTP-342([62.152.65.205]) {S.0000028647} received, 425 bytes
07:46:25 2 SYSTEM [S.0000028647] S.0000028647 1+0 From:[EMAIL PROTECTED]
07:46:26 2 SMTP-343(mail.solnet.ch) [S.0000028647] sent, 316 bytes
07:46:26 2 SYSTEM(SMTP) [S.0000028647] sent to (lanck.net)agroreklama
07:46:26 2 SYSTEM [S.0000028647] deleted07:47:11 2 SMTP-341([62.152.65.205]) {S.0000028646} received, 425 bytes
07:47:11 2 SYSTEM [S.0000028646] S.0000028646 1+0 From:[EMAIL PROTECTED]
07:47:12 2 SMTP-344(mail.solnet.ch) [S.0000028646] sent, 316 bytes
07:47:12 2 SYSTEM(SMTP) [S.0000028646] sent to (lanck.net)agroreklama
07:47:12 2 SYSTEM [S.0000028646] deletedThis seems that somebody pretending to be [EMAIL PROTECTED] managed to send two messages to an address outside, at [EMAIL PROTECTED] - but why was this possible?
And: The offender was at 62.152.65.205 - which, per the traceroute utility, resolves to lanck.net as well: 1 i79zhh-015-fas3-1.bb.ip-plus.net (164.128.37.2) 0.462 ms 0.280 ms 0.245 ms 2 i79tix-005-gig1-0.bb.ip-plus.net (164.128.34.82) 0.401 ms 0.337 ms 0.311 ms 3 zar1-so-2-1-0.Zurichzuh.cw.net (208.175.232.113) 0.580 ms 0.574 ms 0.461 ms 4 ycr1-ge-3-2-0.Zurichzuh.cw.net (208.175.232.145) 0.542 ms 0.559 ms 0.535 ms 5 bcr1-so-7-0-0-1.Frankfurt.cw.net (166.63.195.209) 7.102 ms 7.036 ms 7.030 ms 6 bcr2.Thamesside.cw.net (166.63.210.62) 27.652 ms 27.485 ms bcr1.Thamesside.cw.net (166.63.210.61) 27.615 ms 7 iar3-loopback.Thamesside.cw.net (166.63.210.27) 27.589 ms 27.732 ms 27.680 ms 8 jsc-transtelecom-company.Thamesside.cw.net (166.63.209.2) 27.840 ms 27.903 ms 27.734 ms 9 LankTelecom-gw.transtelecom.net (217.150.38.165) 92.697 ms 92.199 ms 93.394 ms 10 vpdn-1.lanck.net (62.152.64.26) 93.483 ms 93.819 ms 93.281 ms 11 5-205.dialup.lanck.net (62.152.65.205) 500.393 ms 199.241 ms 478.156 ms
Any ideas?
Thank you, Christian. -- Christian F. Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland) Hilfe f�r Strassenkinder in Ghana: <http://www.chance-for-children.org>
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
