Just the basic checks; - You are not hosting the hinet.net domain ofcourse? - Is there a "user authenticated, session treated as local" line before the log snippet you included? That could mean they authenticated via SMTP AUTH.
Eric -----Opprinnelig melding----- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] vegne av Imail Tom Sendt: 3. oktober 2003 13:57 Til: [EMAIL PROTECTED] Emne: [IMail Forum] Imail open relay? I set up a new mail server about 3 weeks ago. The mail server has 8.02 on it, and has no domains, or users whatsoever on it (it's a standby server). This morning, I was notified that the server is blacklisted. http://www.spamcop.net/w3m?i=z426724149z9c8ba7a2efb69a94cd4d8e6af748896ez Upon further investigation, I see that it's been doing this for 3 days. I manage several mail servers, I understand what open relay is, and, I have it set to "no relay" of course, it's been set that way since I set the server up 3 weeks ago. When I test it at : http://members.iinet.net.au/~remmie/relay/ it says "The host machine does not relay". Why did my mail server relay all this mail? Here is a snip from my smtp log. Thanks Tom 10:03 07:09 SMTP-(04680D14) >MAIL FROM:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Sender ok 10:03 07:09 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:09 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:09 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:09 SMTPD(01CA0068) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:09 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:09 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:09 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:09 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:09 SMTPD(01CA0068) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:09 SMTPD(023C0072) [216.26.191.1] connect 210.58.40.56 port 2558 10:03 07:09 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:09 SMTP-(04680D14) >DATA 10:03 07:09 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) 354 Enter mail, end with "." on a line by itself 10:03 07:09 SMTPD(01CA0068) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:09 SMTP-(04680D14) >. 10:03 07:09 SMTP-(047C07DC) 421 Too many SMTP sessions for this host 10:03 07:09 SMTP-(047C07DC) SMTP_DELIV_FAILED 10:03 07:09 SMTP-(047C07DC) >QUIT 10:03 07:09 SMTP-(047C07DC) 10:03 07:09 SMTP-(047C07DC) requeuing M:\IMail\spool\Q58320329007018ea.SMD R0 T2 10:03 07:09 SMTP-(047C07DC) finished M:\IMail\spool\Q58320329007018ea.SMD status=3 10:03 07:10 SMTP-(04680D14) 250 TAA23357 Message accepted for delivery 10:03 07:10 SMTP-(04680D14) rdeliver ms17.hinet.net multiple (5) <[EMAIL PROTECTED]> 16210 10:03 07:10 SMTP-(04680D14) >QUIT 10:03 07:10 SMTP-(04800792) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04800792) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04800792) >QUIT 10:03 07:10 SMTP-(04800792) 10:03 07:10 SMTP-(04800792) requeuing M:\IMail\spool\Q585c0392005cbdc5.SMD R0 T2 10:03 07:10 SMTP-(04800792) finished M:\IMail\spool\Q585c0392005cbdc5.SMD status=3 10:03 07:10 SMTP-(04780845) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04780845) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04780845) >QUIT 10:03 07:10 SMTP-(04780845) 10:03 07:10 SMTP-(04780845) requeuing M:\IMail\spool\Q586701c80068e765.SMD R0 T2 10:03 07:10 SMTP-(04780845) finished M:\IMail\spool\Q586701c80068e765.SMD status=3 10:03 07:10 SMTP-(04680D14) 221 ms17.hinet.net closing connection 10:03 07:10 SMTP-(04640F10) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04640F10) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04640F10) >QUIT 10:03 07:10 SMTP-(04640F10) 10:03 07:10 SMTP-(04640F10) requeuing M:\IMail\spool\Q5883032a007053eb.SMD R0 T2 10:03 07:10 SMTP-(04640F10) finished M:\IMail\spool\Q5883032a007053eb.SMD status=3 10:03 07:10 SMTP-(04680D14) Connect ms17.hinet.net [168.95.5.17:25] (1) 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(048C0650) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(048C0650) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(048C0650) >QUIT 10:03 07:10 SMTP-(048C0650) 10:03 07:10 SMTP-(048C0650) requeuing M:\IMail\spool\Q588e023a00727e56.SMD R0 T2 10:03 07:10 SMTP-(048C0650) finished M:\IMail\spool\Q588e023a00727e56.SMD status=3 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04940662) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04940662) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04940662) >QUIT 10:03 07:10 SMTP-(04940662) 10:03 07:10 SMTP-(04940662) requeuing M:\IMail\spool\Q58af032b0070fed1.SMD R0 T2 10:03 07:10 SMTP-(04940662) finished M:\IMail\spool\Q58af032b0070fed1.SMD status=3 10:03 07:10 SMTP-(04680D14) 220 ms17.hinet.net ESMTP Sendmail 8.8.8/8.8.8; Fri, 3 Oct 2003 19:10:01 +0800 (CST) 10:03 07:10 SMTP-(04680D14) >EHLO spare-mail.maximumasp.com 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250-ms17.hinet.net Hello host1.216.26.191.maximumasp.com [216.26.191.1] (may be forged), pleased to meet you 10:03 07:10 SMTP-(04680D14) 250-8BITMIME 10:03 07:10 SMTP-(04680D14) 250-SIZE 10:03 07:10 SMTP-(04680D14) 250-ONEX 10:03 07:10 SMTP-(04680D14) 250-ETRN 10:03 07:10 SMTP-(04680D14) 250-XUSR 10:03 07:10 SMTP-(04680D14) 250 HELP 10:03 07:10 SMTP-(04680D14) >MAIL FROM:<[EMAIL PROTECTED]> 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Sender ok 10:03 07:10 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:10 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:10 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:10 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:10 SMTP-(04680D14) >RCPT To:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 <[EMAIL PROTECTED]>... Recipient ok 10:03 07:10 SMTP-(04680D14) >DATA 10:03 07:10 SMTPD(023C0072) [210.58.40.56] HELO smtp3.apol.com.tw 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 354 Enter mail, end with "." on a line by itself 10:03 07:10 SMTPD(01CA0068) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTPD(023C0072) [210.58.40.56] MAIL FROM:<[EMAIL PROTECTED]> 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) >. 10:03 07:10 SMTPD(01CA0068) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTPD(023C0072) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 250 TAA23551 Message accepted for delivery 10:03 07:10 SMTP-(04680D14) rdeliver ms17.hinet.net multiple (5) <[EMAIL PROTECTED]> 16210 10:03 07:10 SMTP-(04680D14) >QUIT 10:03 07:10 SMTPD(032C0070) [210.58.40.56] RCPT TO:<[EMAIL PROTECTED]> 10:03 07:10 SMTP-(04680D14) 221 ms17.hinet.net closing connection To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
