Thanks for the reply. NOTE: None of my users will have sent anything from outside the US.
I've got some log entries for vchkpw-submission (marked as successful in the log) with non-US IP's (Russia, Egypt, Honk Kong, etc).In my analysis I'm marking those entries as hacked accounts. >From what I read from your response, vchkpw-smtp (marked as successful in the >log) entries could be mail sent TO my server FROM another server on port 25. >That tells me those are probably safe submissions - even if they are from >overseas IPs. Am I thinking correctly? >________________________________ > From: Tom Collins <t...@tomlogic.com> >To: vchkpw@inter7.com >Sent: Wednesday, March 5, 2014 12:02 AM >Subject: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp > > > >vchkpw-submission is on port 587, and is typically used for emai clients >relaying mail. It's often set up to require authentication. > > >vchkpw-smtp is on port 25, and can be used for email clients to relay mail, or >by other servers delivering mail to your server. > > >-Tom > > >On Mar 4, 2014, at 9:41 PM, LHTek wrote: > >In the /var/log/maillog file what is the difference between these 2 entries >(vchkpw-submission, vchkpw-smtp)? >> >> >>example: >>Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login >>success t...@domain.com:64.185.3.238 >> >>Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success >>t...@domain.com:64.57.239.114 >> >> >> >> > > > !DSPAM:5316c7aa34265248780387!