Re: [courier-users] Help with apparent relaying problem

Sat, 26 Dec 2009 06:43:00 -0800 

Ken Sarkies writes:
Dec 24 01:08:02 hta21 courierd: newmsg,id=00055639.4B322B44.000076CB: dns; User (rrcs-24-105-132-156.nyc.biz.rr.com [::ffff:24.105.132.156]) Dec 24 01:08:02 hta21 courierd: started,id=00055639.4B322B44.000076CB,from=<[email protected]>,module=esmtp,host=hotels.com,addr=<[email protected]> 


There were a number of following outgoing mails with the same id which 
apparently derived from the original. In the (daylight saving ignorant) 
router log



Dec 24 00:08:03 router Vigor: Virtual Server: 24.105.132.156:18623 -> 
192.168.1.2:25 (TCP) SMTP


showing a definite connection to our mailserver from outside.


Is there any configuration mistake that we may have made that would 
allow this (or are we reading the logs incorrectly)? We have worked 
through the documentation many times over the years and cannot identify 
any other setting that might open us up. Can anyone please provide 
advice that may help us track this down. I won't dump all our 
configuration to the list just yet, awaiting advice.



We are updating Courier to the latest version, although I don't remember 
seeing any critical fixes since the version we have.



One of your users probably has his PC hacked, and it's being used to spew 
spam. From your standpoint, your user validly authenticated through your 
mail server, and is sending authenticated mail.



The information needed to identify your user can be pulled from the log 
files. In your older version, the authentication information was not readily 
available. It had to be dug up with a bit of effort. In the newer version 
the authentication logs needed to identify the userid is a little easier to 
find. In the new version, the authentication information gets recorded 
directly in syslog.


Attachment:
pgpjqMz89I2cq.pgp

Description: PGP signature


------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users






















					Reply via email to