Thanks I did a check and trace route as well but I really interested to know how he did it and is there BUG in IMAIL where it open relay to the IP address only. I just want to make sure that this won't happen again.
Regards Bo Wee -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Paquette Sent: Friday, 17 January 2003 11:51 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] HELP - Imail Problem Howdy I did a search for IP address 210.21.10.158 listed in your log and it belongs to: Query the APNIC Whois DatabaseNeed help? General search help Help tracking spam and hacking % [whois.apnic.net node-1] % How to use this server http://www.apnic.net/db/ % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 210.21.10.128 - 210.21.10.191 netname: guangzhou-huifeng-tuiwu-corp country: cn descr: guangzhou city admin-c: JL1058-AP tech-c: JL1058-AP status: ASSIGNED NON-PORTABLE changed: [EMAIL PROTECTED] 20021010 mnt-by: MAINT-CN-LJ28 source: APNIC person: jia li nic-hdl: JL1058-AP e-mail: [EMAIL PROTECTED] address: china netcom address: guangzhou phone: +86-020-87324888 country: CN changed: [EMAIL PROTECTED] 20020906 mnt-by: MAINT-CN-ZM28 source: APNIC -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Keeper Sent: Thursday, January 16, 2003 10:29 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] HELP - Imail Problem Can anyone help !!!!! My imail server crashed yesterday and I notice I got a log file that is more than 300MB where normally is only 6MB-7MB and there are thousands of mail stuck in the spool directory. I open up the log file and I notice an IP address always appear in the log and it is not in my relay list so I don't know how come all these mail ended up in my spool. Is there a BUG in IMAIL??? I really need someone advice on this because my server is still busy processing the mails. I can block the IP Address but I really need to find out what went wrong here. Attached is a sample of the log file, can anyone tell me how they manage to do it. Any help would be greatly appreciated. Thanks 01:16 00:01 SMTP-(00000858) >MAIL FROM:<[EMAIL PROTECTED]> 01:16 00:01 SMTPD(28DF00CA) [210.21.10.158] MAIL FROM:<[EMAIL PROTECTED]> 01:16 00:01 SMTP-(00000858) 250 [EMAIL PROTECTED] OK 01:16 00:01 SMTP-(00000858) >RCPT To:<[EMAIL PROTECTED]> 01:16 00:01 SMTPD(1B1B0134) [210.21.10.158] D:\IMAIL\spool\D85c5134.SMD 3300 01:16 00:01 SMTPD(28DF00CA) [210.21.10.158] RCPT TO:<[EMAIL PROTECTED]> 01:16 00:01 SMTP-(00000858) 550 Requested action not taken: mailbox unavailable 01:16 00:01 SMTP-(00000858) >QUIT 01:16 00:01 SMTPD(1B1B0134) [210.21.10.158] MAIL FROM:<[EMAIL PROTECTED]> 01:16 00:01 SMTP-(000005C8) processing D:\IMAIL\spool\Q85c5134.SMD 01:16 00:01 SMTP-(000005C8) Trying hotmail.com (0) 01:16 00:01 SMTP-(00000858) 221 mc2-f25.law16.hotmail.com Service closing transm ission channel 01:16 00:01 SMTP-(00000858) Creating message from Postmaster 01:16 00:01 SMTP-(00000858) finished D:\IMAIL\spool\Q85c3134.SMD status=2 01:16 00:01 SMTPD(1B1B0134) [210.21.10.158] RCPT TO:<[EMAIL PROTECTED]> 01:16 00:01 SMTP-(000005C8) Connect hotmail.com [65.54.254.140:25] (1) 01:16 00:01 SMTPD(28DF00CA) [210.21.10.158] D:\IMAIL\spool\D85c60ca.SMD 3293 01:16 00:01 SMTPD(28DF00CA) [210.21.10.158] MAIL FROM:<[EMAIL PROTECTED]> 01:16 00:01 SMTP-(0000083C) processing D:\IMAIL\spool\Q85c60ca.SMD 01:16 00:01 SMTP-(000005C8) 220 mc3-f34.law16.hotmail.com Microsoft ESMTP MAIL S ervice, Version: 5.0.2195.5600 ready at Wed, 15 Jan 2003 07:50:55 -0800 01:16 00:01 SMTP-(000005C8) >EHLO mail.lifespanmortgage.com.au 01:16 00:01 SMTP-(0000083C) Trying yahoo.com (0) 01:16 00:01 SMTPD(1B1B0134) [210.21.10.158] D:\IMAIL\spool\D85c6134.SMD 3295 01:16 00:01 SMTPD(28DF00CA) [210.21.10.158] RCPT TO:<[EMAIL PROTECTED]> 01:16 00:01 SMTP-(00000800) requeuing D:\IMAIL\spool\Q1e310be.SMP R0 T16 01:16 00:01 SMTP-(00000800) finished D:\IMAIL\spool\Q1e310be.SMP status=3 01:16 00:01 SMTP-(00000800) D:\IMAIL\spool\Q1e5b0be.SMP 01:16 00:01 SMTP-(00000800) processing D:\IMAIL\spool\Q1e5b0be.SMP 01:16 00:01 SMTP-(0000083C) Connect yahoo.com [64.156.215.5:25] (1) 01:16 00:01 SMTP-(0000083C) 220 YSmtp mta121.mail.scd.yahoo.com ESMTP service re ady 01:16 00:01 SMTP-(0000083C) >EHLO mail.lifespanmortgage.com.au 01:16 00:01 SMTP-(0000082C) 220 Postini ESMTP r2_8_5c1 ready. CA Business and P rofessions Code Section 17538.45 forbids use of this system for unsolicited elec tronic mail advertisements. 01:16 00:01 SMTP-(0000082C) >EHLO mail.lifespanmortgage.com.au 01:16 00:01 SMTP-(000005C8) 250-mc3-f34.law16.hotmail.com (02.00.05.0005) Hello [202.71.162.141] 01:16 00:01 SMTP-(0000083C) 250-mta121.mail.scd.yahoo.com 01:16 00:01 SMTP-(0000025C) Stack connect fail "208.45.133.23" 01:16 00:01 SMTP-(0000082C) 250-Postini says hello back 01:16 00:01 SMTP-(00000A94) Connect aol.com [64.12.137.121:25] (1) 01:16 00:01 SMTP-(00000A94) rl-recv: (00002746) connection reset 01:16 00:01 SMTP-(00000A94) 01:16 00:01 SMTP-(00000A94) SMTP_DELIV_FAILED 01:16 00:01 SMTP-(00000A94) >QUIT 01:16 00:01 SMTP-(000005C8) 250-SIZE 4278190 01:16 00:01 SMTP-(0000025C) requeuing D:\IMAIL\spool\Q859c134.SMP R0 T1 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
