[vchkpw] [SPAM] Re: [vchkpw] [SPAM] Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
The submission entries outside the US could very well be from hacked accounts. I'm finding a surprising number of compromised accounts (once a week?), including users with good passwords, so I have to assume they're snooped on public wireless, or their computers are compromised by malware of some sort. The vckpw-smtp entries from outside the US are probably also hacked accounts, since mail received from remote servers doesn't include authentication. Sorry I wasn't thinking clearly in my previous response -- I forgot these were vchkpw entries and are only related to authentication. I was thinking about qmail logs. -Tom On Mar 4, 2014, at 10:43 PM, LHTek wrote: > Thanks for the reply. > > NOTE: None of my users will have sent anything from outside the US. > > I've got some log entries for vchkpw-submission (marked as successful in the > log) with non-US IP's (Russia, Egypt, Honk Kong, etc). In my analysis I'm > marking those entries as hacked accounts. > > From what I read from your response, vchkpw-smtp (marked as successful in the > log) entries could be mail sent TO my server FROM another server on port 25. > That tells me those are probably safe submissions - even if they are from > overseas IPs. Am I thinking correctly? > > > > > From: Tom Collins > To: vchkpw@inter7.com > Sent: Wednesday, March 5, 2014 12:02 AM > Subject: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp > > vchkpw-submission is on port 587, and is typically used for emai clients > relaying mail. It's often set up to require authentication. > > vchkpw-smtp is on port 25, and can be used for email clients to relay mail, > or by other servers delivering mail to your server. > > -Tom > > > On Mar 4, 2014, at 9:41 PM, LHTek wrote: > >> In the /var/log/maillog file what is the difference between these 2 entries >> (vchkpw-submission, vchkpw-smtp)? >> >> example: >> Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login >> success t...@domain.com:64.185.3.238 >> Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success >> t...@domain.com:64.57.239.114 >> >> > > > > !DSPAM:5316cae034263249811152!
[vchkpw] [SPAM] Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
Thanks for the reply. NOTE: None of my users will have sent anything from outside the US. I've got some log entries for vchkpw-submission (marked as successful in the log) with non-US IP's (Russia, Egypt, Honk Kong, etc).In my analysis I'm marking those entries as hacked accounts. >From what I read from your response, vchkpw-smtp (marked as successful in the >log) entries could be mail sent TO my server FROM another server on port 25. >That tells me those are probably safe submissions - even if they are from >overseas IPs. Am I thinking correctly? > > From: Tom Collins >To: vchkpw@inter7.com >Sent: Wednesday, March 5, 2014 12:02 AM >Subject: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp > > > >vchkpw-submission is on port 587, and is typically used for emai clients >relaying mail. It's often set up to require authentication. > > >vchkpw-smtp is on port 25, and can be used for email clients to relay mail, or >by other servers delivering mail to your server. > > >-Tom > > >On Mar 4, 2014, at 9:41 PM, LHTek wrote: > >In the /var/log/maillog file what is the difference between these 2 entries >(vchkpw-submission, vchkpw-smtp)? >> >> >>example: >>Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login >>success t...@domain.com:64.185.3.238 >> >>Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success >>t...@domain.com:64.57.239.114 >> >> >> >> > > > !DSPAM:5316c7aa34265248780387!
[vchkpw] [SPAM] Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
Cher Client, Nous avons bien reçu votre e-mail et nous vous en remercions. Nos collaborateurs le traiteront aussi rapidement que possible. Attention : ceci est une réponse automatique. Vous ne pouvez donc pas y répondre. Veuillez agréer nos salutations distinguées. BNP Paribas Fortis SA T : +32(0)2 762 20 00 Montagne du Parc 3, 1QA5E, 1000 Bruxelles | www.bnpparibasfortis.be Geachte klant, Wij hebben uw e-mail goed ontvangen, waarvoor dank. Onze medewerkers zullen uw vraag zo snel mogelijk beantwoorden. Opgelet : dit is een automatisch bericht. Hierop kan u geen antwoord versturen. Met vriendelijke groeten, BNP Paribas Fortis NV T : +32(0)2 762 60 00 Warandeberg 3, 1QA5E, 1000 Brussel | www.bnpparibasfortis.be Dear customer, We hereby acknowledge receipt of your e-mail. Thank you. Our staff will answer your query as soon as possible. Careful: This is an automatic message. Please do not reply. Yours sincerely, BNP Paribas Fortis SA/NV T : +32(0)2 261 11 11 Warandeberg 3, 1QA5E, 1000 Brussels | www.bnpparibasfortis.be Sehr geehrte Kundin, sehr geehrter Kunde, Wir danken Ihnen für Ihre E-Mail. Unsere Mitarbeiter werden Ihnen so schnell wie möglich antworten. Achtung: dies ist eine automatische Nachricht. Sie können sie folglich nicht beantworten. Freundliche Grüße BNP Paribas Fortis SA/NV T : +32(0)2 261 11 11 Warandeberg 3, 1QA5E, 1000 Brussel | www.bnpparibasfortis.be - Original Message - From: Tom Collins Sent: Tuesday, March 4, 2014 10:02:12 PM GMT-08:00 Subject: Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp vchkpw-submission is on port 587, and is typically used for emai clients relaying mail. It's often set up to require authentication. vchkpw-smtp is on port 25, and can be used for email clients to relay mail, or by other servers delivering mail to your server. -Tom On Mar 4, 2014, at 9:41 PM, LHTek wrote: > In the /var/log/maillog file what is the difference between these 2 entries > (vchkpw-submission, vchkpw-smtp)? > > example: > Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login > success t...@domain.com:64.185.3.238 > Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success > t...@domain.com:64.57.239.114 > > > == BNP Paribas Fortis disclaimer: http://www.bnpparibasfortis.com/e-mail-disclaimer.html BNP Paribas Fortis privacy policy: http://www.bnpparibasfortis.com/privacy-policy.html == !DSPAM:5316be7c34261148094982!
Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
vchkpw-submission is on port 587, and is typically used for emai clients relaying mail. It's often set up to require authentication. vchkpw-smtp is on port 25, and can be used for email clients to relay mail, or by other servers delivering mail to your server. -Tom On Mar 4, 2014, at 9:41 PM, LHTek wrote: > In the /var/log/maillog file what is the difference between these 2 entries > (vchkpw-submission, vchkpw-smtp)? > > example: > Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login > success t...@domain.com:64.185.3.238 > Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success > t...@domain.com:64.57.239.114 > > > !DSPAM:5316bde734268482773211!
[vchkpw] [SPAM] Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
Cher Client, Nous avons bien reçu votre e-mail et nous vous en remercions. Nos collaborateurs le traiteront aussi rapidement que possible. Attention : ceci est une réponse automatique. Vous ne pouvez donc pas y répondre. Veuillez agréer nos salutations distinguées. BNP Paribas Fortis SA T : +32(0)2 762 20 00 Montagne du Parc 3, 1QA5E, 1000 Bruxelles | www.bnpparibasfortis.be Geachte klant, Wij hebben uw e-mail goed ontvangen, waarvoor dank. Onze medewerkers zullen uw vraag zo snel mogelijk beantwoorden. Opgelet : dit is een automatisch bericht. Hierop kan u geen antwoord versturen. Met vriendelijke groeten, BNP Paribas Fortis NV T : +32(0)2 762 60 00 Warandeberg 3, 1QA5E, 1000 Brussel | www.bnpparibasfortis.be Dear customer, We hereby acknowledge receipt of your e-mail. Thank you. Our staff will answer your query as soon as possible. Careful: This is an automatic message. Please do not reply. Yours sincerely, BNP Paribas Fortis SA/NV T : +32(0)2 261 11 11 Warandeberg 3, 1QA5E, 1000 Brussels | www.bnpparibasfortis.be Sehr geehrte Kundin, sehr geehrter Kunde, Wir danken Ihnen für Ihre E-Mail. Unsere Mitarbeiter werden Ihnen so schnell wie möglich antworten. Achtung: dies ist eine automatische Nachricht. Sie können sie folglich nicht beantworten. Freundliche Grüße BNP Paribas Fortis SA/NV T : +32(0)2 261 11 11 Warandeberg 3, 1QA5E, 1000 Brussel | www.bnpparibasfortis.be - Original Message - From: LHTek Sent: Tuesday, March 4, 2014 9:41:18 PM GMT-08:00 Subject: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp In the /var/log/maillog file what is the difference between these 2 entries (vchkpw-submission, vchkpw-smtp)? example: Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login success t...@domain.com:64.185.3.238 Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success t...@domain.com:64.57.239.114 == BNP Paribas Fortis disclaimer: http://www.bnpparibasfortis.com/e-mail-disclaimer.html BNP Paribas Fortis privacy policy: http://www.bnpparibasfortis.com/privacy-policy.html == !DSPAM:5316ba7434262017919841!
[vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
In the /var/log/maillog file what is the difference between these 2 entries (vchkpw-submission, vchkpw-smtp)? example: Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login success t...@domain.com:64.185.3.238 Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) login success t...@domain.com:64.57.239.114 !DSPAM:5316b90234262261610445!