yah its from the same ip. i have added this ip to my blacklist. and i tested my server for open relay and it is not an open relay. thanks.
On 1/13/07, South Computers <[EMAIL PROTECTED]> wrote:
Looked up the ip, ran a port scan. It appears to be the mail server for marketingmad.net, which turns out to be a site that provides services to realtors. Of course, it's a windoze box, so it could be compromised, but it looks more like a misconfiguration on their end, or a realtor trying to figure out how to use their mailing list. You could always try the normal open relay tests out there. I installed one of the scripts i found here: http://www.southcomputers.com/relaytest.php It takes a minute or two to run, so be patient with it. No idea how good or accurate it is, did not write it:-) Is it always coming from the same ip address? Maybe block them with your firweall, or iptables? slamp slamp wrote: > I am flooded with these messages. does it mean my server is open for > relay? should i be worried? > > tcpserver: ok 32516 mail.mydomain.com:192 > <http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32413 > user invalid "null" > tcpserver: ok 32518 mail.mydomain.com:192 > <http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32414 > user invalid "null" > user invalid "null" > tcpserver: ok 32521 mail.mydomain.com:192 > <http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32415 > tcpserver: ok 32522 mail.mydomain.com:192 > <http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32416 > tcpserver: ok 32524 mail.mydomain.com:192 > <http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32417 > user invalid "null" > user invalid "null" > user invalid "null" > tcpserver: ok 32527 mail.mydomain.com:192 > <http://mail.mydomain.com:192>.168.1.2:25 :75.5.19.70::32418 > user invalid "null" > user invalid "null" > user invalid "null" > user invalid "null" > user invalid "null" > user invalid "null" > > > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null": 75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> > vchkpw-smtp: invalid user/domain characters "null":75.5.19.70 > <http://75.5.19.70> --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]