>I was examining the Imail log and found multiple entries like the
>ones below. Given that my mail server is 198.0.0.1 and 64.9.9.4 is
>not one of our IPs, what do these log entries mean?
>
>It's bothering because Imail Log Analyzer shows 64.9.9.4 is doing
>over 3,000 SMTPD Connections on one day.
>
>--
>09:02 11:29 SMTPD(059700A2) [198.0.0.1] connect 64.9.9.4 port 1576
>09:02 11:29 SMTPD(059700A2) [64.9.9.4] HELO computername
>09:02 11:29 SMTPD(059700A2) [64.9.9.4] bogus address in MAIL FROM:<>

This means that the mailserver at 64.9.9.4 is connecting to your server, 
and trying to send a bounce message.

>09:02 11:29 SMTPD(059800A2) [198.0.0.1] connect 64.9.9.4 port 1577
>09:02 11:29 SMTPD(059800A2) [64.9.9.4] HELO computername
>09:02 11:29 SMTPD(059800A2) [64.9.9.4] bogus address in MAIL FROM:<>

But, it is broken, and keeps trying and trying.

But, you are broken too, because you aren't allowed to reject the "<>" 
address (which is used for bounce messages and Delivery Status Notifications).

That IP belongs to Conestoga Capital Advisors in Pennsylvania, USA, and 
isn't in any spam lists.  I'm guessing both of you are broken.  You can fix 
your server by UNchecking the "Refuse NULL <> Senders" option in the SMTP 
security settings.

While you're at it, you should close your open relay, by using "Relay for 
Addresses" or "No Mail Relay" (anything else will keep you listed in DSBL, 
and allow spammers to use your mailserver for free).

                                                    -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com
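
An added example, not part of the original message and not IMail or Declude code: a small log summarizer that ties each "bogus address in MAIL FROM" rejection back to the peer that opened the session and separates rejected null senders (`<>`) from other rejected senders. The line format is taken from the entries quoted above; the last three sample lines, the `nobody@` address and all function and key names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first six lines are the entries quoted in the message,
# the last three are invented for contrast (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
09:02 11:29 SMTPD(059700A2) [198.0.0.1] connect 64.9.9.4 port 1576
09:02 11:29 SMTPD(059700A2) [64.9.9.4] HELO computername
09:02 11:29 SMTPD(059700A2) [64.9.9.4] bogus address in MAIL FROM:<>
09:02 11:29 SMTPD(059800A2) [198.0.0.1] connect 64.9.9.4 port 1577
09:02 11:29 SMTPD(059800A2) [64.9.9.4] HELO computername
09:02 11:29 SMTPD(059800A2) [64.9.9.4] bogus address in MAIL FROM:<>
09:02 11:30 SMTPD(059900A2) [198.0.0.1] connect 192.0.2.10 port 2201
09:02 11:30 SMTPD(059900A2) [192.0.2.10] HELO mail.example.net
09:02 11:30 SMTPD(059900A2) [192.0.2.10] bogus address in MAIL FROM:<nobody@>
"""

LINE = re.compile(r"SMTPD\((?P<sid>[0-9A-Fa-f]+)\) \[(?P<ip>[^\]]+)\] (?P<msg>.*)$")
CONNECT = re.compile(r"^connect (?P<peer>\S+) port \d+$")
BOGUS = re.compile(r"^bogus address in MAIL FROM:<(?P<addr>[^>]*)>")
KEYS = ("connects", "null_sender_rejects", "other_rejects")


def summarize(log_text):
    """Per remote peer: connections, rejected null senders, other rejected senders."""
    peer_of = {}  # session id -> remote peer, learned from the connect line
    stats = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue  # not an SMTPD line in the expected format
        sid, msg = m["sid"], m["msg"]
        c = CONNECT.match(msg)
        if c:
            peer_of[sid] = c["peer"]
            stats.setdefault(c["peer"], Counter())["connects"] += 1
            continue
        b = BOGUS.match(msg)
        if b:
            # Prefer the peer recorded at connect time; fall back to the bracketed IP.
            peer = peer_of.get(sid, m["ip"])
            key = "null_sender_rejects" if b["addr"] == "" else "other_rejects"
            stats.setdefault(peer, Counter())[key] += 1
    return {peer: {k: cnt[k] for k in KEYS} for peer, cnt in stats.items()}


if __name__ == "__main__":
    for peer, row in summarize(SAMPLE_LOG).items():
        print(peer, row)
```

A peer whose `null_sender_rejects` equals its `connects` matches the pattern in the quoted log: every session is a bounce or DSN that the server refuses.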
