>64.253.204.203 is listed in many blacklists. It looks like they are trying >to connect to you, and failing.
One more thing. I don't know that it is good practice but I am checking my logs daily and blocking any IP's that I see connecting to [0.0.0.0] and failing. I am also blocking any IP's that I see connecting with "my server" IP address. I am checking the black lists first of course. Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Travis Rabe Sent: Thursday, July 03, 2003 1:02 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] send error 64.253.204.203 is listed in many blacklists. It looks like they are trying to connect to you, and failing. 216.111.26.34 is a legitimate send. E-mial is coming from staffingtech.com. Travis > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Karen D. Oland > Sent: Thursday, July 03, 2003 10:48 AM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] send error > > > After reading the messages here and looking at the archive messages, I > decided to check my logs as well. I also see these errors. Only a > one or two > a day a month ago, more now (just as those sending to invalid > addresses seem > to come and go ... xlanther.com would do a dozen or so a day for > a couple of > weeks, now seems to be fishing elsewhere). Here are a few of the errors in > my log (2 different IP's doing so today): > > 20030703 005309 127.0.0.1 SMTPD (001601DC) [0.0.0.0] connect > 64.253.204.203 port 7780 > 20030703 005309 127.0.0.1 SMTPD (001601DC) send error 10054 > 20030703 005309 127.0.0.1 SMTPD (001601DC) send error 10054 > 20030703 005344 127.0.0.1 SMTPD (001701DC) [0.0.0.0] connect > 64.253.204.203 port 7780 > 20030703 005344 127.0.0.1 SMTPD (001701DC) send error 10054 > 20030703 005344 127.0.0.1 SMTPD (001701DC) send error 10054 > > I also see lines like this > > 20030703 000747 127.0.0.1 SMTPD (0165028C) [216.111.26.34] connect > 216.111.26.34 port 1447 > > But there is never any other entry for the same SMTPD line. We do > block all > internal IP numbers coming in from the router, so I am (somewhat) > confident > these are not from outside. At least, if the router is working > correctly -- > I do know the filters work well enough that we can no longer update > Quickbooks from behind the router and have to dial direct to a > backup ISP on > that machine when that is required. > > We are set up with Relay for Addresses and our (small) network range is > listed. The range does include the mail server's IP -- which was indicated > in one of the messages as a possible problem? I don't see any > authentication going on in the logs. Should each individual IP > address that > is NOT the server be listed instead? Would the router's address > be included > in the list? (and, I just checked the IMAIL docs again, at least > we seem set > up correctly according to them). > > Do these send errors really indicate a spammer using the system, > or that the > attempt to do so failed? Or just that an open relay source was > null-routed > further upstream and it is nothing to worry about? > > Karen > > --- > [This E-mail scanned for viruses by Declude Virus] > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
