After reading the messages here and looking at the archive messages, I decided to check my logs as well. I also see these errors. Only a one or two a day a month ago, more now (just as those sending to invalid addresses seem to come and go ... xlanther.com would do a dozen or so a day for a couple of weeks, now seems to be fishing elsewhere). Here are a few of the errors in my log (2 different IP's doing so today):
20030703 005309 127.0.0.1 SMTPD (001601DC) [0.0.0.0] connect 64.253.204.203 port 7780 20030703 005309 127.0.0.1 SMTPD (001601DC) send error 10054 20030703 005309 127.0.0.1 SMTPD (001601DC) send error 10054 20030703 005344 127.0.0.1 SMTPD (001701DC) [0.0.0.0] connect 64.253.204.203 port 7780 20030703 005344 127.0.0.1 SMTPD (001701DC) send error 10054 20030703 005344 127.0.0.1 SMTPD (001701DC) send error 10054 I also see lines like this 20030703 000747 127.0.0.1 SMTPD (0165028C) [216.111.26.34] connect 216.111.26.34 port 1447 But there is never any other entry for the same SMTPD line. We do block all internal IP numbers coming in from the router, so I am (somewhat) confident these are not from outside. At least, if the router is working correctly -- I do know the filters work well enough that we can no longer update Quickbooks from behind the router and have to dial direct to a backup ISP on that machine when that is required. We are set up with Relay for Addresses and our (small) network range is listed. The range does include the mail server's IP -- which was indicated in one of the messages as a possible problem? I don't see any authentication going on in the logs. Should each individual IP address that is NOT the server be listed instead? Would the router's address be included in the list? (and, I just checked the IMAIL docs again, at least we seem set up correctly according to them). Do these send errors really indicate a spammer using the system, or that the attempt to do so failed? Or just that an open relay source was null-routed further upstream and it is nothing to worry about? Karen --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
