little off topic: Am I an open relay?

Jason Williams jwilliams at COURTESYMORTGAGE.COM
Tue Jun 7 00:00:10 IST 2005



I ran a few quick open-relay tests and I am denying them.
Either I am way too tired and I'm missing something blatantly obvious, or 
I'm just over-reacting.

I appreciate the help.

Jason

Jason Williams wrote:

> Something very odd is happening and I'm a little concerned and I'm 
> turning to the boards here for some help.
>
> I have a mailgateway running here and so far, it has been perfect. All 
> of a sudden, I'm seeing odd stuff from monster.com and yahoo.com.
>
> Here is a snip:
>
> Jun  6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: 
> from=<support at monster.com>, size=1333, class=0, nrcpts=1, 
> msgid=<200506062245.j56Mjj3x084146 at corpmail.courtesymortgage.com>, 
> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com 
> [xxx.xxx.xx.xx]
>
> Jun  6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: 
> to=<bmalcolm at monster.com>, delay=00:00:01, mailer=esmtp, pri=31333, 
> stat=queued
> Jun  6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 
> messages, 1899 bytes
> Jun  6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting
> Jun  6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: 
> Starting
> Jun  6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud 
> from 205.138.199.146 in j56Mlt20034390
> Jun  6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and 
> have disarmed HTML message in j56Mlt20034390 from support at monster.com
> Jun  6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages
> Jun  6 15:48:02 mail sendmail[34401]: j56Mlt20034390: 
> to=<bmalcolm at monster.com>, delay=00:00:07, xdelay=00:00:02, 
> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. 
> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted 
> for delivery)
>
> I'm looking at this and it almost seems as if I'm an open relay!!
>
> Ok...great.
>
> Here is my setup
>
> MS: 4-41.3
> sendmail: 8.12.11
>
> If I am an open relay, anyone here that can help me out. Email me at 
> liquid.proxy at gmail.com while I determine what the hell is going on.
>
> Thanks
>
> Jason
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
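
Added example (not part of the original post and not MailScanner or sendmail code): one way to check logs like the ones quoted above is to pair sendmail's from= and to= records by queue ID and flag mail that an untrusted host submitted for a non-local recipient. The log lines, `LOCAL_DOMAINS` and `TRUSTED_RELAYS` are constructed assumptions; the verdict names are hypothetical.

```python
import re
from collections import defaultdict

# Assumptions (hypothetical values): domains this gateway accepts mail for,
# and internal hosts allowed to send outbound mail through it.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_RELAYS = {"corpmail.example.com"}

# Constructed sendmail-style log lines, modelled on the format in the post.
SAMPLE_LOG = """\
Jun  6 15:47:56 mail sm-mta-in[34390]: j56AAA01: from=<support@example.net>, size=1333, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=corpmail.example.com [192.0.2.10]
Jun  6 15:47:56 mail sm-mta-in[34390]: j56AAA01: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, pri=31333, stat=queued
Jun  6 15:50:11 mail sm-mta-in[34411]: j56BBB02: from=<x@example.org>, size=900, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=host.example.org [198.51.100.7]
Jun  6 15:50:12 mail sm-mta-in[34411]: j56BBB02: to=<y@example.net>, delay=00:00:01, mailer=esmtp, pri=30900, stat=queued
Jun  6 15:52:30 mail sm-mta-in[34420]: j56CCC03: from=<z@example.org>, size=700, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.org [198.51.100.7]
Jun  6 15:52:31 mail sm-mta-in[34420]: j56CCC03: to=<jason@example.com>, delay=00:00:01, mailer=local, pri=30700, stat=queued
"""

LINE = re.compile(r"\]: (?P<qid>\w+): (?P<rest>(?:from|to)=.*)$")
ADDR = re.compile(r"<[^<>]*?(?:@| at )([^<>\s]+)>")  # also accepts archive-style "user at host"
RELAY = re.compile(r"relay=(\S+)")

def domain(field):
    """Domain part of the first <address> in a from=/to= record, or ''."""
    m = ADDR.search(field)
    return m.group(1).lower() if m else ""

def classify(log_text):
    """Return {queue_id: verdict}, pairing from= and to= records per queue ID."""
    msgs = defaultdict(lambda: {"rcpt": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # MailScanner and other non-envelope lines
        rec, rest = msgs[m["qid"]], m["rest"]
        if rest.startswith("from="):
            r = RELAY.search(rest)
            rec["sender"] = domain(rest)
            rec["relay"] = r.group(1).rstrip(".").lower() if r else ""
        else:
            rec["rcpt"].add(domain(rest))
    verdicts = {}
    for qid, rec in msgs.items():
        if "sender" not in rec:
            continue  # to= record seen without its from= record
        if rec["relay"] in TRUSTED_RELAYS:  # submitted by one of our own hosts
            local = rec["sender"] in LOCAL_DOMAINS
            verdicts[qid] = "outbound" if local else "outbound-foreign-sender"
        elif rec["rcpt"] <= LOCAL_DOMAINS:
            verdicts[qid] = "inbound"
        else:  # untrusted host, non-local recipient: the open-relay signature
            verdicts[qid] = "third-party-relay"
    return verdicts
```

The `relay=` field on the from= record names the host that handed the message to this server, which is why the verdict depends on it rather than on the envelope sender alone.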
