Re: I think I'm being relayed through, but I don't know how.

[Kourosh Ghassemieh]

Well, what do the logs say?

It's possible that a spammer sent mail to random addresses
in one of your hosted domains and had them listed in the BCC:
field.  The return address being forged as to be from mindless.com.
Since the users in your domain are non-existent the messages
are trying to bounce to the sender, which is refusing some of them
as being non-existent as well.   You'll see them double-bounce
once they time out.  I'm not that experienced at reading headers
so I'm not 100% certain but sounds logical.

Again, what do the logs say?  They can help quite a bit in diagnosing
problems.  You should be able to find when they came in and from
where and why they are being refused, if they are.

What do the logs say?

At 04:40 PM 6/6/2001 -0500, you wrote:
> > From:  Kourosh Ghassemieh <[EMAIL PROTECTED]>
> > Date:  Wed, 06 Jun 2001 14:36:59 -0700
> >
> >
> > Actually, it looks like they tried to send to those users but
> > you don't have them and they bounced.  If they forged the
> > sender then the bounce can't go through and you'll eventually
> > get a double bounce to postmaster.  That's happened to me
> > a couple of times.  Check the logs to see what they say.
> > According to your tcp.smtp.cdb file you're not an open relay.
>
>But my point is that mindless.com isn't even my domain.  The ones that say
>'done' were relayed and shouldn't have been.  The attempt to send to
>mindless.com should have been rejected by tcpserver because it's not in my
>control/locals.
>
>Chris
>
> > At 01:44 PM 6/6/2001 -0500, you wrote:
> > >I've got this in my queue:
> > >
> > >5 Jun 2001 14:44:17 GMT  #48256  5651  <[EMAIL PROTECTED]>
> > >         remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >         remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >         remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >         remote  [EMAIL PROTECTED]
> > >         remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >   done  remote  [EMAIL PROTECTED]
> > >         remote  [EMAIL PROTECTED]
> > >         remote  [EMAIL PROTECTED]
> > >
> > >Neither mail.com nor mindless.com are my domains
> > ><snipped>
>
>--
>Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
>virCIO                          http://www.virCIO.Com
>4314 Avenue C
>Austin, TX  78751-3709          +1 512 374 0500
>
>   My email address is an experiment in SPAM elimination.  For an
>   explanation of what we're doing, see http://www.DeepEddy.Com/tms.html
>
>     Nobody ever got fired for buying Microsoft,
>       but they could get fired for relying on Microsoft.
>
>

-
------------------------------------------------------------------------
Kourosh Ghassemieh
MindWare Information Systems & Technologies
9255 Sunset Blvd, Penthouse
West Hollywood CA 90069
(310) 729-1784
[EMAIL PROTECTED]

++++Networking Solutions for Your Business++++