That is one log I didn't check. I just checked the server.log, and it only had entries from the time I did a restart of the server which was about 30 minutes ago. Are the server.log archived in same manner as the other files? But since you did the test, I can assume for now that my system at this point is not allowing relays to occur?
I really appreciate all the help Vince! Danny Mallory <[EMAIL PROTECTED]> wrote: >Does your server.log show any relay attempt denys? > >At 10/13/2001 03:53 PM, you wrote: > >>Hello Danny, >> >>Yes sir that is my mail server. Thank you very much for doing the test. >>I am not sure how the relaying was being done? I guess everything is ok >>now? Here is a sample of the smtp file I was looking at I am not including >>the actual ip address But as far as I can tell looks like this person was >>trying to relay through me? I have about 50 of these with the same ip address >>doing the relaying. I did a ip block here so I know who knowns the ip. Wonder >>if I should send the smtp log to the ip owner or just drop >>it? [13/Oct/2001:00:05:02 >>-0400] OK [000.00.000.00] [HELO] [0 bytes] xxx.xxx.xx.com[13/Oct/2001:00:05:02 >>-0400] OK [] [MAIL] [0 bytes] From: <[EMAIL PROTECTED]> >>[13/Oct/2001:00:05:03 -0400] OK [xxx.xx.xxx.xx] [RCPT] [0 bytes] >>To:<[EMAIL PROTECTED]> >> >>Danny Mallory <[EMAIL PROTECTED]> wrote: >> >Assuming 216.68.165.38 is the mail server your questioning. I just >> >attempted to relay some >> >mail through it and got stopped with Require AUTH. >> > >> >The message could not be sent because one of the recipients was rejected >>by >> >the server. The rejected e-mail address was '[EMAIL PROTECTED]'. >> >> >Subject 'Testing 216.68.165.38 mail server', Account: 'letvffkeyit.com', >> >> >Server: '216.68.165.38', Protocol: SMTP, Server Response: '501 Invalid mail >> >> >recipient. Relay requires SMTP AUTH.', Port: 25, Secure(SSL): No, Server >> >> >Error: 501, Error Number: 0x800CCC79 >> > >> > >> >Danny >> > >> >At 10/13/2001 02:05 PM, you wrote: >> >>Hello Danny, and thanks for the help. I am still using version 5.0 here >>since >> >>it has been rock solid. I looked in my SMTP log and found one ip relaying >> >>a bunch of mail that were not for my users. I was under the impression >>that >> >>if the mail is not for a user of your system, that the smtp will not go >> >> >>through? >> >> Not sure what happened? . I thought if restrict ip address was left >>blank, >> >>an SMTP user may login from any host or has this changed with any newer >> >> >>version >> >>of Sambar? Thanks again have a great afternoon! >> >>Vince >> >>Danny Mallory <[EMAIL PROTECTED]> wrote: >> >> >Require auth overrides relaying. If someone compromised one of your email >> >> >> >> >addresses >> >> >and password then they could have sent mail. Also, not sure what version >> >> >> >> >your at but >> >> >there was a known issue with the IP address in the restrict IP cause >>to >> >> >> >> >open you up >> >> >for relay break both require auth and restrict relay.. >> >> > >> >> >Try changing your restrict IP address to blank.. >> >> > >> >> >Danny >> >> > >> >> >At 10/13/2001 01:03 PM, you wrote: >> >> > >> >> >>Hello everyone, and hope everyone is doing well? >> >> >>I have a question about smtp relay. I have been using Sambar for a >>while >> >> >>now, and all seemed to be working great. It sure is a great program. >>I >> >>haven't >> >> >>touched anything, so I am not sure how someone was successfull in using >> >>my >> >> >>sambar mail server as a relay? I did trace the ip and blocked it using >> >> >> >> >>Blackice, >> >> >>but I am concerned in this happening again with all these attacks going >> >>on >> >> >>such as the Red Worm etc! >> >> >> >> >> >>I am turning to my fellow sambar users for help. Here is what I have >>in >> >> >>my config file. Am I missing something? Thanks in advance >> >> >> >> >> >>Vince >> >> >> >> >> >>Run SMTPD: Yes >> >> >>Relay Delivery: Forward immediately >> >> >>Relay Domains: I don't have anything in here >> >> >>Use MTA: Yes >> >> >>Unknown Mailbox: Null >> >> >>Require Auth: Yes >> >> >>Restrict Relay: Yes >> >> >>Restrict Relay IP: 127.0.0.1 >> >> >>Relay from User: I don't have anything here >> >> >> >> >> >> >> >> >>------------------------------------------------------------------------ >> >> >> -------- >> >> >>For unsubscription of this list send an email to [EMAIL PROTECTED] >>with >> >> >> >> >>email >> >> >>data containing unsubscribe emailadd sambar >> >> > >> >> > >> >> > >> >> > >> >> >------------------------------------------------------------------------- >> >> >> ------- >> >> >For unsubscription of this list send an email to [EMAIL PROTECTED] >>with >> >>email >> >> >data containing unsubscribe emailadd sambar >> >> > >> >> >> >> >> >>------------------------------------------------------------------------ >> -------- >> >>For unsubscription of this list send an email to [EMAIL PROTECTED] with >> >> >>email >> >>data containing unsubscribe emailadd sambar >> > >> > >> > >> > >> >------------------------------------------------------------------------- >> ------- >> >For unsubscription of this list send an email to [EMAIL PROTECTED] with >>email >> >data containing unsubscribe emailadd sambar >> > >> >> >>-------------------------------------------------------------------------------- >>For unsubscription of this list send an email to [EMAIL PROTECTED] with >>email >>data containing unsubscribe emailadd sambar > > > > >-------------------------------------------------------------------------------- >For unsubscription of this list send an email to [EMAIL PROTECTED] with email >data containing unsubscribe emailadd sambar > -------------------------------------------------------------------------------- For unsubscription of this list send an email to [EMAIL PROTECTED] with email data containing unsubscribe emailadd sambar
