Hi, Since there is "X-AuthUser" in the headers, it looks like a username and password of one of your POP3 clients was used to be able to relay through your mailserver. If you don't want this, you might want to check on DefaultSmtpPerms in server.tab.
And I would advice to change the POP3 password of that user mentioned in X-AuthUser. Sincerely, Bart Op 25/02/11 10:55, Spyros Tsiolis schreef: > Hello, > > Recently, I've found entries on my anti-spam mechanism of someone > adding spam > addresses in china to my whitelist. > > at first I thought it was the mechanism. However, take a look at this > (this is a message > that got back to the senders' mailbox after the receipient was not > found from the > actual mail server) : > > ---------------------------------------------------------- > From: offendeddomain.gr PostMaster [mailto:[email protected]] > Sent: Friday, February 25, 2011 8:26 AM > To: [email protected] > Subject: Error sending message [1298614677647.b7bbcb90.3c2.7730e.jekyll] > from [offendeddomain.gr] > > [<00>] XMail bounce: Rcpt=[[email protected]];Error=[554 delivery > error: dd Sorry your message to [email protected] cannot be delivered. > This account has been disabled or discontinued [#102]. - > mta104..mail.cnh.yahoo.com] > > > [<01>] Error sending message [1298614677647.b7bbcb90.3c2.7730e.jekyll] from > [offendeddomain.gr]. > > ID: <SA2BAD8> > Mail From: <[email protected]> > Rcpt To: <[email protected]> > Server: <mta-v1.mail.vip.cnh.yahoo.com> [203.209.250.248] > > > [<02>] The reason of the delivery failure was: > > 554 delivery error: dd Sorry your message to [email protected] cannot > be delivered. This account has been disabled or discontinued [#102]. - > mta104.mail.cnh.yahoo.com > > > [<05>] Here is listed the initial part of the message: > > X-AuthUser: [email protected] > Received: from jekyll.offendeddomain.gr > by jekyll.offendeddomain.gr with [XMail 1.27 ESMTP Server] > id <SA2BAD8> for <[email protected]> from > <account_that_is_sending_spam > @offendeddomain.gr>; > Fri, 25 Feb 2011 08:17:40 +0200 > Received: from pfptxuxa ([222.247.120.207] helo=pfptxuxa) with IPv4:25 by > jekyll.offendeddomain..gr; 25 Feb 2011 08:16:08 +0200 > From: =?gb2312?B?zuLotOi0?= <account_that_is_sending_spam > @offendedomain.gr> > To: "gushizhijia001" <[email protected]> > Subject: =?gb2312?B?uaTJy8rCucq1xLSmwO3T67fnz9Ww0b/YRzY3VTI2MA==?= > Date: Fri, 25 Feb 2011 14:17:39 +0800 > X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="----=ybr910_4932_200237205.485272" > X-Priority: 3 > X-Assp-Version: 1..7.5.7(1.0.07) on jekyll.offendeddomain.gr > X-Assp-Passing: authenticated > X-Assp-ID: jekyll.offendeddomain.gr 14660-17969 > X-Assp-Intended-For: [email protected] > X-Assp-Envelope-From: [email protected] > --------------------------------------------------------- > > Now, AFAIK, I've setup XMail in such fashion as to reject any relay > attemps. > I even checked on specialized sites if I've left any holes open. > It looks fine. Still . . . > > Do you chaps have any ideas why is this happening ? > > I am about to backup the mailserver and re-install the anti-spam > mechanism. > Something very laborious and very time-consuming. > > Thank you all, > > spyros > > > > > > ----- "I merely function as a channel that filters music through the > chaos of noise" - Vangelis > > > _______________________________________________ > xmail mailing list > [email protected] > http://xmailserver.org/mailman/listinfo/xmail
_______________________________________________ xmail mailing list [email protected] http://xmailserver.org/mailman/listinfo/xmail
