Hi Steve,
I looked for "Adding From field to mail" in my SMTP log and didn't find it. I
realised then that it may be because I made a change to my RCPT template to exclude
emails with blank From addresses:
<cfif (len(smtpfrom) eq 0)>
customresponse="580 Sorry, we can no longer accept email from null addresses"
result=unknownuser
<cfexit>
</cfif>
I think this actually goes against the standards which I believe specify that
we are required to accept email from null addresses so you may need to make
your own call on that.
As for how the email is getting to the server... Is it possible that an
attachment was opened on the server, via webmail perhaps, and then somehow
installed the virus/trojan on the server? Otherwise I'd suspect another local
machine.
Please let us know what you find out.
Cheers,
Brett
B)
Stephen Garrett wrote:
All, could some kind soul give me a place to look to fix this problem? I
am tearing my hair out...
Looks like in the last few days someone has found a hole in either IMS,
my setup or a spam program got installed on the server. I suspect my
setup, but am not sure where to look and could use a few suggestions;
I've been running IMS for years without this problem happening.
(Win2kSP4, IMS2.7r2)
What appears to be happening is that IMS is receiving emails from the
same machine the mail server is on, authenticating and relaying emails
on. This is resulting in many thousands of emails that I really do not
want to be happening 8^{. I am seeing something like the following in
the SMTP log for each of these cases:
"Adding From field to mail"
I cannot find any reference to this string within my CFM modules so this
must be coming from IMS.
Sample from my log. mail.gpsnet.com is the mail server, operating behind
a firewall.
01/23/2008 12:16:33 PM [004] DEBUG: ->220 mail.gpsnet.com inFusion Mail
Server SOHO v2.7.7 (r2) SN21919099-7977 ESMTP ready at Wed, 23 Jan 2008
12:16:33 -0800
01/23/2008 12:16:33 PM [004] mail [192.168.1.16] Connected (5 total)
01/23/2008 12:16:33 PM [004] DEBUG: <-EHLO mail.gpsnet.com
01/23/2008 12:16:36 PM [004] *** Waiting 2 seconds on HELO connection
01/23/2008 12:16:36 PM [004] DEBUG: ->250-Pleased to meet you,
mail.gpsnet.com
01/23/2008 12:16:36 PM [004] DEBUG: ->250-AUTH CRAM-MD5 LOGIN
01/23/2008 12:16:36 PM [004] DEBUG: ->250-AUTH=LOGIN
01/23/2008 12:16:36 PM [004] DEBUG: ->250-XRCPTLIMIT 35
01/23/2008 12:16:36 PM [004] DEBUG: ->250 HELP
01/23/2008 12:16:37 PM [004] DEBUG: <-MAIL FROM:
<[EMAIL PROTECTED]>
01/23/2008 12:16:37 PM [004] DEBUG: ->250 OK
01/23/2008 12:16:37 PM [004] DEBUG: <-RCPT TO: <[EMAIL PROTECTED]>
01/23/2008 12:16:38 PM [004] DEBUG: ->250 OK
01/23/2008 12:16:38 PM [004] DEBUG: <-DATA
01/23/2008 12:16:38 PM [004] DEBUG: ->354 Send data now
01/23/2008 12:16:38 PM [004] Adding From field to mail
01/23/2008 12:16:39 PM [004] WARNING: ISE Error (10061): (Sock Connect)
[10061] Connection refused
01/23/2008 12:16:40 PM [004] DEBUG: ->250 Data received ok
01/23/2008 12:16:40 PM [004] RELAY (d1aa11fca26b3d468677a7e9098624c5)
mail [192.168.1.16] <[EMAIL PROTECTED]>
[EMAIL PROTECTED] 14920
01/23/2008 12:16:40 PM [004] DEBUG: <-QUIT
01/23/2008 12:16:40 PM [004] DEBUG: ->221 Goodbye, mail.gpsnet.com
01/23/2008 12:16:40 PM [004] mail [192.168.1.16] Disconnected (5 total)
Thoughts anyone?
Steve
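
A triage sketch for the kind of SMTP log quoted in this thread, added here as an example and not code from either poster or from iMS. It groups log lines into sessions and lists the ones that relayed mail from a loopback or private address, recording whether an AUTH command was logged and whether "Adding From field to mail" appeared. The sample log is constructed, and the "<-AUTH" line format is an assumption.

```python
import ipaddress
import re

# Constructed sample in the log format quoted above; mail addresses are
# placeholders and the "<-AUTH" line is an assumed format.
SAMPLE_LOG = """\
01/23/2008 12:16:33 PM [004] mail [192.168.1.16] Connected (5 total)
01/23/2008 12:16:37 PM [004] DEBUG: <-MAIL FROM: <a@example.com>
01/23/2008 12:16:38 PM [004] Adding From field to mail
01/23/2008 12:16:40 PM [004] RELAY (d1aa11fca26b3d468677a7e9098624c5) mail [192.168.1.16] <a@example.com> b@example.net 14920
01/23/2008 12:17:02 PM [004] mx [203.0.113.9] Connected (5 total)
01/23/2008 12:17:03 PM [004] DEBUG: <-AUTH LOGIN
01/23/2008 12:17:05 PM [004] RELAY (0123456789abcdef0123456789abcdef) mx [203.0.113.9] <c@example.org> d@example.net 2048
"""

LINE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [AP]M \[(\d+)\] (.*)$")
CONNECTED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\] Connected")
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sessions_from_log(text):
    """Group log lines into SMTP sessions. Slot numbers like [004] are
    reused, so every 'Connected' line starts a new session for its slot."""
    current, sessions = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines and noise are skipped
        slot, msg = m.groups()
        conn = CONNECTED.search(msg)
        if conn:
            current[slot] = {"slot": slot, "ip": conn.group(1), "auth": False,
                             "relays": 0, "from_added": False}
            sessions.append(current[slot])
        elif slot in current:
            s = current[slot]
            s["auth"] |= msg.startswith("DEBUG: <-AUTH")
            s["relays"] += msg.startswith("RELAY ")
            s["from_added"] |= msg == "Adding From field to mail"
    return sessions

def local_relays(sessions):
    """Sessions that relayed mail from a loopback or RFC 1918 address."""
    return [s for s in sessions if s["relays"] and
            any(ipaddress.ip_address(s["ip"]) in n for n in LOCAL_NETS)]

if __name__ == "__main__":
    for s in local_relays(sessions_from_log(SAMPLE_LOG)):
        print(s)
```

Run against the real log, a flagged session with no AUTH command logged means the relay was permitted on source address alone, which narrows where in the relay rules to look.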