On 15 Jan 2007, at 20:49, Rob Arends wrote: > 4. > What did you find in your logs? > Anything abnormal from IPs other than 10.10.10.99? > Your scripts on the server - are they webforms where email can be sent? (you > know, "contact us" forms) > There are known vulnerabilities in some web forms where they are used to > send spam. > I'd check if the volume of emails from your scripts is abnormally high. > > The problem you have is not to do with xmail (unless you've made it an open > relay). > The problem will be in your scripts or some other source of emails. > Your logs will have the answers, analyze them !! > > To check if your xmail is an open relay, use the following test. > From the xmail server, telnet to: relay-test.mail-abuse.org > The server there will open a connection to tcp/25 on the ip address that you > are sending from and issue a dozen or so relay tests. > The progress is issued back to your telnet session. > This needs to report a closed relay.
In an earler post Erwin mentioned he'd already checked with abuse.net and failed a relay attempt (see below). When I used abuse.net so it would detect xmail relaying (it wasn't actually), it didn't continue past the failed attempt whilst with normal xmail setup there have been 17 failed relay attempts when test is passed. I don't think anyone picked up on that message to request further details. I was offline for a while and now on dialup for a few weeks. David ############# Another question (sorry about this but as you might guess I'm not really a computer wiz). I've tested relaying at abuse.net and my xmail server accepted a third party mail relay. This cannot be good right? ############# - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
