Re: [IMail Forum] Strange server connections

Mon, 26 Aug 2002 18:16:06 -0700 


>As shown by the log samples below, recently there have been connections
>to our server ("bobcat.jcjc.cc.ms.us", also responses to
>"bobcat.jcjc.edu") from remote units that seem to claim to be
>"mail.jcjc.cc.ms.us" or "mail.jcjc.edu"....
>
>I guess my questions are: (1) Do I have a problem here?

No.  There actually is a problem -- there are some computers sending you 
E-mail that isn't wanted -- but that's the extent of the problem.

>(2) I am set to relay for my internal IPs only.  Can this get around that 
>setting and
>make me a relay?

If you use "Relay for Addresses", that will only let people send outgoing 
mail if [1] They are coming from one of the trusted IPs you enter, or [2] 
They authenticate using SMTP AUTH.  I haven't yet heard of a spammer 
bypassing either of those.

>(3) Besides contacting the IP owners, what should be done?

That, and blocking those IPs, are about all you can do.

>08:24 15:31 SMTPD(283100AC) [172.22.18.2] connect 63.166.146.23 port 2129
>08:24 15:31 SMTPD(283100AC) [63.166.146.23] HELO mail.jcjc.edu
>08:24 15:31 SMTPD(283100AC) [63.166.146.23] MAIL FROM:<[EMAIL PROTECTED]>
>08:24 15:31 SMTPD(283100AC) [63.166.146.23] RCPT TO:<[EMAIL PROTECTED]>

Here, 63.166.146.23 connects to your mailserver.  Then, it claims to be 
"mail.jcjc.edu" (which is obviously not true, since that's your 
domain).  They then claim to be sending mail from a user 
"[EMAIL PROTECTED]" (which is likely forged), and send mail to an 
address on your domain.  That last piece is the key -- they are sending 
mail to a user on your domain.  That means that they aren't relaying; all 
they are doing is sending you unwanted mail.  In this case, it is likely a 
virus that is trying to spread.

                                                    -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to