Re: Open Relay woes!
From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 08/11/04
- Next message: Les Connor [SBS MVP]: "Re: Page Cannot Be Displayed"
- Previous message: Chris Jones: "Re: CPU 100%"
- In reply to: AJ: "Re: Open Relay woes!"
- Next in thread: Thomas W Shinder [MVP]: "Re: Open Relay woes!"
- Reply: Thomas W Shinder [MVP]: "Re: Open Relay woes!"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 08:26:17 -0500
AJ,
All email for potterarchitects.com is accepted. Your mail server checks the
recipient, and if it is not valid, an NDR is generated and returned to the
sender. This is the way mail servers are supposed to work.
Unfortunately, bad guys have taken advantage of this and the result is what
you are experiencing. So, as Doug has said (and is one of the steps in the
article you are following) - filtering the recipients and turning off NDRs
is a way to put a stop to this behaviour. One of the downsides is that
legitimate senders, who may have made a spelling mistake in your email
address (for example), will not receive an NDR to let them know their mail
was not delivered. However, in the current climate this is the lesser of the
evils, as the alternative is to risk the possibility of no email at all.
--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !

"AJ" <google@griglak.com> wrote in message
news:9e905a39.0408102046.3953f98f@posting.google.com...
> Guys, thanks for all your replies.
>
> Clevere: Logging is enabled. Here are some lines from the log:
>
> 2004-08-11 00:04:27 221.140.105.114 221.140.105.114 SMTPSVC1 SERVER03
> 192.168.1.3 0 RCPT - +TO:+<stevevoth@potterarchitects.com> 250 0 43 41
> 0 SMTP - - - -
> 2004-08-11 00:04:27 218.159.26.71 218.159.26.71 SMTPSVC1 SERVER03
> 192.168.1.3 0 RCPT - +TO:+<sharp@potterarchitects.com> 250 0 39 37 0
> SMTP - - - -
> 2004-08-11 00:04:27 220.147.117.90 220.147.117.90 SMTPSVC1 SERVER03
> 192.168.1.3 0 RCPT - +TO:+<swtexgurli@potterarchitects.com> 250 0 44
> 42 0 SMTP - - - -
> 2004-08-11 00:04:27 221.140.105.114 221.140.105.114 SMTPSVC1 SERVER03
> 192.168.1.3 0 DATA - +<000301c47f36$5b4ea9e0$c410fa56@ZCWTSEA> 250 0
> 124 2944 1235 SMTP - - - -
> 2004-08-11 00:04:27 69.115.32.41 69.115.32.41 SMTPSVC1 SERVER03
> 192.168.1.3 0 RCPT - +TO:+<stef_frog@potterarchitects.com> 250 0 43 41
> 0 SMTP - - - -
> 2004-08-11 00:04:27 218.190.26.60 218.190.26.60 SMTPSVC1 SERVER03
> 192.168.1.3 0 MAIL - +FROM:+<xldwgmihrqch@mailbox.gr> 250 0 48 36 0
> SMTP - - - -
>
> Obviously, the accounts in front of @potterarchitects.com are bogus.
> I don't recognize the ip addresses, either. What the heck does all
> this mean? If there is someone connecting to one of the accounts, is
> there a way to find out which account?
>
> John Bay:
> Thanks, I tried that, and the messages are still building in the
> queues.
>
> Les:
> I'd like to try to fix this remotely, so I don't have access to remove
> the NIC cable. If necessary, I can make a trip to the client office.
>
> The messages are all from postmaster@potterarchitects.com
>
> The recipients are all like this: SMTP:dnqwijdlhy@irol.net; and
> SMTP:urkpn@gala.net;
>
> Thanks all!
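
Added example, not part of the original posts: a small Python check that measures the NDR exposure discussed in this message by counting RCPT commands the server answered with 250 for mailboxes that do not exist. The log lines are constructed in the layout of the excerpt quoted above; the field positions, the `example.com` domain, the documentation-range IPs and the `VALID_MAILBOXES` set are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the SMTPSVC excerpt quoted above
# (documentation IP ranges and example.com stand in for real values).
SAMPLE_LOG = """\
2004-08-11 00:04:27 192.0.2.10 192.0.2.10 SMTPSVC1 SERVER03 192.168.1.3 0 MAIL - +FROM:+<xyz@sender.example> 250 0 48 36 0 SMTP - - - -
2004-08-11 00:04:27 192.0.2.10 192.0.2.10 SMTPSVC1 SERVER03 192.168.1.3 0 RCPT - +TO:+<qwxzv@example.com> 250 0 43 41 0 SMTP - - - -
2004-08-11 00:04:28 198.51.100.7 198.51.100.7 SMTPSVC1 SERVER03 192.168.1.3 0 RCPT - +TO:+<Alice@Example.com> 250 0 39 37 0 SMTP - - - -
2004-08-11 00:04:28 203.0.113.5 203.0.113.5 SMTPSVC1 SERVER03 192.168.1.3 0 RCPT - +TO:+<jkdfh@example.com> 250 0 44 42 0 SMTP - - - -
2004-08-11 00:04:29 192.0.2.10 192.0.2.10 SMTPSVC1 SERVER03 192.168.1.3 0 RCPT - +TO:+<plmok@example.com> 250 0 44 42 0 SMTP - - - -
2004-08-11 00:04:29 192.0.2.10 192.0.2.10 SMTPSVC1 SERVER03 192.168.1.3 0 DATA - +<0003@ZCWTSEA> 250 0 124 2944 1235 SMTP - - - -
2004-08-11 00:04:30 203.0.113.5 203.0.113.5 SMTPSVC1 SERVER03 192.168.1.3 0 RCPT - +TO:+<bob@example.com> 250 0 44 42 0 SMTP - - - -
"""

VALID_MAILBOXES = {"alice@example.com", "bob@example.com"}  # assumed real recipients

RCPT_ADDR = re.compile(r"\+TO:\+<([^>]*)>", re.IGNORECASE)


def accepted_unknown_recipients(log_text, valid):
    """Return (per-client-IP Counter, list of unknown addresses) for RCPT
    commands answered with 250 although no such mailbox exists."""
    per_ip, unknown = Counter(), []
    for line in log_text.splitlines():
        f = line.split()
        # Positions assumed from the sample: f[2]=client IP, f[8]=command,
        # f[10]=command argument, f[11]=SMTP reply code.
        if len(f) < 12 or f[8].upper() != "RCPT" or f[11] != "250":
            continue
        m = RCPT_ADDR.search(f[10])
        if not m:
            continue
        addr = m.group(1).lower()  # mailbox comparison is case-insensitive here
        if addr not in valid:
            per_ip[f[2]] += 1
            unknown.append(addr)
    return per_ip, unknown


if __name__ == "__main__":
    per_ip, unknown = accepted_unknown_recipients(SAMPLE_LOG, VALID_MAILBOXES)
    print(f"{len(unknown)} RCPT commands accepted for nonexistent mailboxes")
    for ip, n in per_ip.most_common():
        print(f"  {ip}: {n}")
```

Each counted line is a message that would later produce an NDR; with recipient filtering in place the same commands would be refused at RCPT time and drop out of the count.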