These are submissions from an authenticated account (what "relaying
rcpt" means). I normally see these in the submission (port 587) log, as
my users are configured to use port 587 instead of port 25. If the
197.254.125.102 address isn't Ken's computer, then I'd say his password
has been compromised, and change it. I'm guessing this is the case. If
this is Ken's computer, then I expect you'll find some malware on his
computer. In either case, I'd change his password.
--
-Eric 'shubes'
On 06/07/2012 07:06 PM, Tony White wrote:
Hello Eric,
Inserted is a snippet of my log for last night.
-- log insert ------------------------------------------
@400000004fcb49a336ca19a4 CHKUSER accepted sender: from
<kenwri...@gmail.com:waver...@nnn.com.au:> remote
<nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102> rcpt <> :
sender accepted
@400000004fcb49a40059e1c4 tcpserver: end 30219 status 0
@400000004fcb49a40059e5ac tcpserver: status: 3/100
@400000004fcb49a43935030c CHKUSER relaying rcpt: from
<kenwri...@gmail.com:waver...@nnn.com.au:> remote
<nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102> rcpt
<hofmann-zuha...@t-online.de> : client allowed to relay
@400000004fcb49a4393535d4 policy_check: local waver...@nnn.com.au ->
remote hofmann-zuha...@t-online.de (AUTHENTICATED SENDER)
@400000004fcb49a43935ca44 policy_check: policy allows transmission
@400000004fcb49a53b033b2c CHKUSER relaying rcpt: from
<kenwri...@gmail.com:waver...@nnn.com.au:> remote
<nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102> rcpt
<<hofmatth...@hotmail.com> : client allowed to relay
@400000004fcb49a53b03623c policy_check: local waver...@nnn.com.au ->
remote <hofmatth...@hotmail.com (AUTHENTICATED SENDER)
@400000004fcb49a53b03a4a4 policy_check: policy allows transmission
@400000004fcb49a613fde5a4 tcpserver: end 30223 status 0
@400000004fcb49a613fe08cc tcpserver: status: 2/100
@400000004fcb49a702104454 CHKUSER relaying rcpt: from
<kenwri...@gmail.com:waver...@nnn.com.au:> remote
<nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102> rcpt
<<hof...@aol.com> : client allowed to relay
@400000004fcb49a702106f4c policy_check: local waver...@nnn.com.au ->
remote <hof...@aol.com (AUTHENTICATED SENDER)
@400000004fcb49a70210adcc policy_check: policy allows transmission
@400000004fcb49a8033f8524 CHKUSER relaying rcpt: from
<kenwri...@gmail.com:waver...@nnn.com.au:> remote
<nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102> rcpt
<<hofn...@aol.com> : client allowed to relay
@400000004fcb49a8033fb404 policy_check: local waver...@nnn.com.au ->
remote <hofn...@aol.com (AUTHENTICATED SENDER)
@400000004fcb49a8033fee9c policy_check: policy allows transmission
--- log insert end ------------------------------------
best wishes
Tony White
On 08/06/2012 11:44, Tony White wrote:
Hi Eric,
Update: At this stage I think it is email from a valid account.,
The owner of the account will be in later today and I will test
for virus/Trojans.
best wishes
Tony White
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
