Here is the entry from the mail.ini file:

Restrict Relay = true
Restrict Relay IPs =

I've never been an open relay (that I know of anyway). This one is driving me crazy! I'm having the user scan for viruses and I've deleted her account until I can figure this out. What has me baffled is that the 127.0.0.1 entries are using AUTH lo login with the correct username and password! This is a little scary.

Paul

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter
Sent: Monday, November 24, 2003 11:42 AM
To: sambar List Member
Subject: [sambar] Mail Hack?

Paul

Check your mail.ini for this line

Restrict Relay IPs =

and make sure you do not have anything in it. It should be blank.

-----Original Message-----
From: "Paul Alger (Ironclad)" <[EMAIL PROTECTED]>
To: "sambar List Member" <[EMAIL PROTECTED]>
Date: Mon, 24 Nov 2003 11:30:58 -0800
Subject: [sambar] Mail Hack?

> I'm seeing these disturbing entries in the smtp log and can't figure out what is going on.
> Please help! I have a valid user ([EMAIL PROTECTED]) It looks like the host sends a message to her then sends a ton of messages using my localhost ip??
>
> Does anyone know what is going on here? BTW, none of these messages seem to show up in Nancy's mailbox adding to my bewilderment.
>
> [2003-11-24 08:04:03] OK [18942864] [80.57.67.222] [HELO] g67222.upc-g.chello.nl
> [2003-11-24 08:04:03] OK [18942864] [80.57.67.222] [MAIL] FROM: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:04] OK [18942864] [80.57.67.222] [RCPT] TO: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:07] OK [18942864] [80.57.67.222] [DATA] [1381 bytes] ...
> [2003-11-24 08:04:08] OK [18942864] [80.57.67.222] [QUIT]
> [2003-11-24 08:04:08] OK [18942864] [80.57.67.222] [DISCONNECT]
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [CONNECT]
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [HELO] ns1
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [AUTH] LOGIN bmFuY3k=
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [AUTH Passwd] MW5hbmN5IQ==
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [MAIL] Vrom: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [RCPT] To: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [DATA] [1502 bytes] ...
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [QUIT]
> [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [DISCONNECT]
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [CONNECT]
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [HELO] ns1
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [AUTH] LOGIN bmFuY3k=
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [AUTH Passwd] MW5hbmN5IQ==
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [MAIL] Vrom: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [RCPT] To: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [DATA] [1624 bytes] ...
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [QUIT]
> [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [DISCONNECT]
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [CONNECT]
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [HELO] ns1
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [AUTH] LOGIN bmFuY3k=
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [AUTH Passwd] MW5hbmN5IQ==
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [MAIL] Vrom: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [RCPT] To: <[EMAIL PROTECTED]>
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [DATA] [1746 bytes] ...
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [QUIT]
> [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [DISCONNECT]
>
> ... And the messages keep coming and coming...
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.542 / Virus Database: 336 - Release Date: 11/18/2003
>
> -------------------------------------------------------
> To unsubscribe please go to http://www.sambar.ch/list/
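
A log check for the pattern discussed in this thread, as an added example that is not part of the original messages: it groups SMTP log entries by session id and counts, per account, the messages sent by authenticated sessions coming from 127.0.0.1. The line layout is assumed to match the entries quoted in the thread; the sample lines, addresses and the account name alice are constructed.

```python
import base64
import re
from collections import defaultdict

# Assumed layout, as in the thread: [timestamp] STATUS [session] [ip] [VERB] args
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<status>\S+) \[(?P<sid>\d+)\] "
    r"\[(?P<ip>[^\]]+)\] \[(?P<verb>[^\]]+)\] ?(?P<args>.*)$"
)

# Constructed sample lines (not from the thread); "alice" is a made-up account.
SAMPLE_LOG = """\
[2003-11-24 08:04:03] OK [1001] [192.0.2.10] [HELO] mail.example.net
[2003-11-24 08:04:04] OK [1001] [192.0.2.10] [RCPT] TO: <alice@example.org>
[2003-11-24 08:04:07] OK [1001] [192.0.2.10] [DATA] [1381 bytes] ...
[2003-11-24 08:04:12] OK [2001] [127.0.0.1] [CONNECT]
[2003-11-24 08:04:12] OK [2001] [127.0.0.1] [AUTH] LOGIN YWxpY2U=
[2003-11-24 08:04:12] OK [2001] [127.0.0.1] [DATA] [1502 bytes] ...
[2003-11-24 08:04:12] OK [2002] [127.0.0.1] [CONNECT]
[2003-11-24 08:04:12] OK [2002] [127.0.0.1] [AUTH] LOGIN YWxpY2U=
[2003-11-24 08:04:12] OK [2002] [127.0.0.1] [DATA] [1624 bytes] ...
"""

def parse_sessions(text):
    """Group log entries by session id: client IP, AUTH user, DATA count."""
    sessions = defaultdict(lambda: {"ip": None, "user": None, "sent": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        s = sessions[m["sid"]]
        s["ip"] = m["ip"]
        if m["verb"] == "AUTH" and m["args"].startswith("LOGIN "):
            # AUTH LOGIN logs the user name base64-encoded, which is not encryption
            raw = base64.b64decode(m["args"].split()[1])
            s["user"] = raw.decode("utf-8", "replace")
        elif m["verb"] == "DATA":
            s["sent"] += 1
    return dict(sessions)

def loopback_auth_senders(sessions):
    """Messages sent per account by authenticated sessions from 127.0.0.1."""
    counts = defaultdict(int)
    for s in sessions.values():
        if s["ip"] == "127.0.0.1" and s["user"] and s["sent"]:
            counts[s["user"]] += s["sent"]
    return dict(counts)

if __name__ == "__main__":
    print(loopback_auth_senders(parse_sessions(SAMPLE_LOG)))
```

A non-empty result means a local process is submitting mail with a real account's credentials, which points at something running on the server itself rather than at the relay settings.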
