All the mail is sent to a registered user, so there is no need for the sender to use AUTH - and you don't know if he is using the correct username and password, do you?

And if you have "Always Allow localhost = true" in your mail.ini, localhost never needs to AUTH - I think... haven't been testing this...

Is there any way to spoof localhost?

Is there any chance the sender is using a mailform or something like that on your server? Do you have the file mailit.pl in your cgi-bin?

Claus

On 24/Nov/2003 11:50:42, Paul Alger (Ironclad) wrote:
> Here is the entry from the mail.ini file
>
> Restrict Relay = true
> Restrict Relay IPs =
>
> I've never been an open relay (that I know of anyway). This one is driving
> me crazy! I'm having the user scan for viruses and I've deleted her account
> until I can figure this out.
>
> What has me baffled is that the 127.0.0.1 entries are using AUTH to log in
> with the correct username and password! This is a little scary.
>
> Paul
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter
> Sent: Monday, November 24, 2003 11:42 AM
> To: sambar List Member
> Subject: [sambar] Mail Hack?
>
> Paul
> Check your mail.ini for this line Restrict Relay IPs = and make sure you do
> not have anything in it. It should be blank.
>
> -----Original Message-----
> From: "Paul Alger (Ironclad)" <[EMAIL PROTECTED]>
> To: "sambar List Member" <[EMAIL PROTECTED]>
> Date: Mon, 24 Nov 2003 11:30:58 -0800
> Subject: [sambar] Mail Hack?
>
> > I'm seeing these disturbing entries in the smtp log and can't figure
> > out what is going on.
> > Please help! I have a valid user ([EMAIL PROTECTED]) It looks like
> > the host sends a message to her then sends a ton of messages using my
> > localhost ip??
> >
> > Does anyone know what is going on here? BTW, none of these messages
> > seem to show up in Nancy's mailbox adding to my bewilderment.
> >
> > [2003-11-24 08:04:03] OK [18942864] [80.57.67.222] [HELO] g67222.upc-g.chello.nl
> > [2003-11-24 08:04:03] OK [18942864] [80.57.67.222] [MAIL] FROM: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:04] OK [18942864] [80.57.67.222] [RCPT] TO: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:07] OK [18942864] [80.57.67.222] [DATA] [1381 bytes] ...
> > [2003-11-24 08:04:08] OK [18942864] [80.57.67.222] [QUIT]
> > [2003-11-24 08:04:08] OK [18942864] [80.57.67.222] [DISCONNECT]
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [CONNECT]
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [HELO] ns1
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [AUTH] LOGIN bmFuY3k=
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [AUTH Passwd] MW5hbmN5IQ==
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [MAIL] Vrom: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [RCPT] To: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [DATA] [1502 bytes] ...
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [QUIT]
> > [2003-11-24 08:04:12] OK [38430176] [127.0.0.1] [DISCONNECT]
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [CONNECT]
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [HELO] ns1
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [AUTH] LOGIN bmFuY3k=
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [AUTH Passwd] MW5hbmN5IQ==
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [MAIL] Vrom: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [RCPT] To: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [DATA] [1624 bytes] ...
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [QUIT]
> > [2003-11-24 08:04:12] OK [19022992] [127.0.0.1] [DISCONNECT]
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [CONNECT]
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [HELO] ns1
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [AUTH] LOGIN bmFuY3k=
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [AUTH Passwd] MW5hbmN5IQ==
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [MAIL] Vrom: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [RCPT] To: <[EMAIL PROTECTED]>
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [DATA] [1746 bytes] ...
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [QUIT]
> > [2003-11-24 08:04:12] OK [19689832] [127.0.0.1] [DISCONNECT]
> >
> > ... And the messages keep coming and coming...
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.542 / Virus Database: 336 - Release Date: 11/18/2003
> >
> > -------------------------------------------------------
> > To unsubscribe please go to http://www.sambar.ch/list/
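
One way to pull the pattern discussed in this thread out of a log in the quoted layout, as an added example that is not part of the original messages or of Sambar itself: it groups lines by session id, decodes the AUTH LOGIN username (the password argument is never stored), and reports accounts that authenticate from 127.0.0.1 and send mail several times within one second. The sample lines, the threshold of 3 and the function names are constructed assumptions.

```python
import base64
import re
from collections import defaultdict

# Layout of the quoted log: [timestamp] STATUS [session] [ip] [COMMAND] args
LINE_RE = re.compile(r"\[(?P<ts>[^\]]+)\] \w+ \[(?P<sid>\d+)\] "
                     r"\[(?P<ip>[^\]]+)\] \[(?P<cmd>[^\]]+)\]\s*(?P<arg>.*)")

# Constructed sample (not the thread's data). "ZXhhbXBsZQ==" is base64 of "example".
_LOCAL = ("[2003-11-24 08:04:12] OK [{sid}] [127.0.0.1] [CONNECT]\n"
          "[2003-11-24 08:04:12] OK [{sid}] [127.0.0.1] [AUTH] LOGIN ZXhhbXBsZQ==\n"
          "[2003-11-24 08:04:12] OK [{sid}] [127.0.0.1] [AUTH Passwd] cGxhY2Vob2xkZXI=\n"
          "[2003-11-24 08:04:12] OK [{sid}] [127.0.0.1] [DATA] [1502 bytes] ...\n")
SAMPLE_LOG = ("[2003-11-24 08:04:03] OK [1001] [192.0.2.10] [HELO] host.example.net\n"
              "[2003-11-24 08:04:07] OK [1001] [192.0.2.10] [DATA] [1381 bytes] ...\n"
              + "".join(_LOCAL.format(sid=s) for s in (2001, 2002, 2003)))


def parse_sessions(text):
    """Group log lines by session id into {ip, start, user, cmds}."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped or unrelated line
        s = sessions.setdefault(m["sid"], {"ip": m["ip"], "start": m["ts"],
                                           "user": None, "cmds": []})
        s["cmds"].append(m["cmd"])  # the "AUTH Passwd" argument is never stored
        if m["cmd"] == "AUTH" and m["arg"].startswith("LOGIN "):
            try:
                raw = base64.b64decode(m["arg"].split()[1], validate=True)
                s["user"] = raw.decode("ascii", "replace")
            except ValueError:
                s["user"] = "<undecodable>"
    return sessions


def loopback_auth_bursts(sessions, threshold=3):
    """Map (user, start second) -> count of loopback AUTH sessions that sent DATA."""
    counts = defaultdict(int)
    for s in sessions.values():
        if s["ip"] == "127.0.0.1" and s["user"] and "DATA" in s["cmds"]:
            counts[(s["user"], s["start"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (user, second), n in loopback_auth_bursts(parse_sessions(SAMPLE_LOG)).items():
        print(f"{second}: {n} authenticated loopback sessions as {user!r}")
```

A hit means some process on the mail host itself holds the account's credentials, so the next place to look is local software (web forms, CGI scripts, scheduled jobs) rather than the relay settings.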
