Koozali.org: home of the SME Server

smtpfront-qmail/current log needs explaining to a newbie...

Jasonuocs
« on: January 04, 2005, 12:18:57 PM »
Hi All,

I have been using SME for a while now and incredibly impressed with it.
I am receiving the following error and not sure why.

Quote
2005-01-04 11:05:14.425265500 tcpserver: status: 1/40
2005-01-04 11:05:14.425493500 tcpserver: pid 17916 from 127.0.0.1
2005-01-04 11:05:14.426642500 tcpserver: ok 17916 0:127.0.0.1:25 localhost:127.0.0.1::35159
2005-01-04 11:05:14.463930500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:14.464261500 smtpfront-qmail[17916]: RCPT TO:<stanolsen88@userone.co.uk>
2005-01-04 11:05:27.090959500 smtpfront-qmail[17916]: Accepted message qp 17917 bytes 3293
2005-01-04 11:05:27.227899500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:27.227911500 smtpfront-qmail[17916]: RCPT TO:<jfernandez@userone.co.uk>
2005-01-04 11:05:40.226815500 smtpfront-qmail[17916]: Accepted message qp 17925 bytes 5142
2005-01-04 11:05:40.320263500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:40.320276500 smtpfront-qmail[17916]: RCPT TO:<g.hunter@userone.co.uk>
2005-01-04 11:05:53.413589500 smtpfront-qmail[17916]: Accepted message qp 17936 bytes 3494
2005-01-04 11:05:53.500789500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:53.500802500 smtpfront-qmail[17916]: RCPT TO:<melodyball_69@userone.co.uk>
2005-01-04 11:06:07.866434500 smtpfront-qmail[17916]: Accepted message qp 17944 bytes 4159
2005-01-04 11:06:07.966401500 smtpfront-qmail[17916]: MAIL FROM:<KZESQZXVZZJ@hush.com>
2005-01-04 11:06:07.966411500 smtpfront-qmail[17916]: RCPT TO:<jason@userone.co.uk>
2005-01-04 11:06:20.261618500 smtpfront-qmail[17916]: Accepted message qp 17962 bytes 2119
2005-01-04 11:06:20.358255500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:06:20.358268500 smtpfront-qmail[17916]: RCPT TO:<chuck.s.gleason@userone.co.uk>
2005-01-04 11:06:34.437664500 smtpfront-qmail[17916]: Accepted message qp 17969 bytes 4209
2005-01-04 11:06:34.526042500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:06:34.526054500 smtpfront-qmail[17916]: RCPT TO:<ekessler46@userone.co.uk>
2005-01-04 11:06:47.274569500 smtpfront-qmail[17916]: Accepted message qp 17975 bytes 3865
2005-01-04 11:06:47.362649500 smtpfront-qmail[17916]: MAIL FROM:<belohaloranren@charityemail.com> BODY=7BIT
2005-01-04 11:06:47.362663500 smtpfront-qmail[17916]: RCPT TO:<mike@userone.co.uk>
2005-01-04 11:07:00.185304500 smtpfront-qmail[17916]: Accepted message qp 17989 bytes 1435
2005-01-04 11:07:00.324185500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:07:00.324197500 smtpfront-qmail[17916]: RCPT TO:<postmaster@userone.co.uk>
2005-01-04 11:07:12.902745500 smtpfront-qmail[17916]: Accepted message qp 18000 bytes 2739
2005-01-04 11:07:12.995843500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:07:12.995857500 smtpfront-qmail[17916]: RCPT TO:<mary_andersen@userone.co.uk>
2005-01-04 11:07:25.663957500 smtpfront-qmail[17916]: Accepted message qp 18011 bytes 3920
2005-01-04 11:07:25.761112500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk> BODY=8BITMIME
2005-01-04 11:07:25.761126500 smtpfront-qmail[17916]: RCPT TO:<younghartman_5@userone.co.uk>
2005-01-04 11:07:38.542634500 smtpfront-qmail[17916]: Accepted message qp 18022 bytes 3793
2005-01-04 11:07:38.650271500 smtpfront-qmail[17916]: MAIL FROM:<advertising@iWantFreeGifts.com> BODY=8BITMIME
2005-01-04 11:07:38.650285500 smtpfront-qmail[17916]: RCPT TO:<angles@userone.co.uk>
2005-01-04 11:07:51.100862500 smtpfront-qmail[17916]: Accepted message qp 18033 bytes 2673
2005-01-04 11:07:51.190820500 smtpfront-qmail[17916]: bytes in: 41596 bytes out: 1201
2005-01-04 11:07:51.191897500 tcpserver: end 17916 status 0


Am I running an open relay? As I can't see who all these users are, like mary_andersen@userone.co.uk. We sadly have no women here in our company...

Can anyone help or explain?
Thanks
Jason

smeghead
« Reply #1 on: January 04, 2005, 02:48:41 PM »
.. your server should reject mail not sent to a known user unless you have the option set in the Email panel to send this mail to the Administrator.

If you choose to reject it then make sure to install the double bounce fix so the messages don't go back and forth endlessly.

To check for an open relay go to:

http://www.abuse.net/relay.html

HTH

CharlieBrady
« Reply #2 on: January 05, 2005, 01:17:50 AM »
Quote from: "smeghead"
.. your server should reject mail not sent to a known user unless you have the option set in the Email panel to send this mail to the Administrator.


No, it will not reject the mail, it will receive it, and then bounce it.

Quote

If you choose to reject it then make sure to install the double bounce fix so the messages don't go back and forth endlessly.


They won't go back and forth endlessly. But any bounce messages which bounce (i.e. doublebounces) will go into the admin mailbox.

Quote

To check for an open relay go to:

http://www.abuse.net/relay.html

HTH


I don't see signs of an open relay here.

CharlieBrady
« Reply #3 on: January 05, 2005, 01:36:13 AM »
Quote from: "Jasonuocs"
Hi All,

I have been using SME for a while now and incredibly impressed with it.
I am receiving the following error and not sure why.

Quote
2005-01-04 11:05:14.425265500 tcpserver: status: 1/40
2005-01-04 11:05:14.425493500 tcpserver: pid 17916 from 127.0.0.1
2005-01-04 11:05:14.426642500 tcpserver: ok 17916 0:127.0.0.1:25 localhost:127.0.0.1::35159



Note that the connection here is from 127.0.0.1, i.e. from localhost. This is not an external network connection.

The other thing to notice is the number in brackets after smtpfront-qmail. That's the process id of the smtpfront-qmail process.

Quote

2005-01-04 11:05:14.463930500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:14.464261500 smtpfront-qmail[17916]: RCPT TO:<stanolsen88@userone.co.uk>
2005-01-04 11:05:27.090959500 smtpfront-qmail[17916]: Accepted message qp 17917 bytes 3293
2005-01-04 11:05:27.227899500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:27.227911500 smtpfront-qmail[17916]: RCPT TO:<jfernandez@userone.co.uk>
2005-01-04 11:05:40.226815500 smtpfront-qmail[17916]: Accepted message qp 17925 bytes 5142
2005-01-04 11:05:40.320263500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:40.320276500 smtpfront-qmail[17916]: RCPT TO:<g.hunter@userone.co.uk>
2005-01-04 11:05:53.413589500 smtpfront-qmail[17916]: Accepted message qp 17936 bytes 3494
2005-01-04 11:05:53.500789500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:05:53.500802500 smtpfront-qmail[17916]: RCPT TO:<melodyball_69@userone.co.uk>
2005-01-04 11:06:07.866434500 smtpfront-qmail[17916]: Accepted message qp 17944 bytes 4159
2005-01-04 11:06:07.966401500 smtpfront-qmail[17916]: MAIL FROM:<KZESQZXVZZJ@hush.com>
2005-01-04 11:06:07.966411500 smtpfront-qmail[17916]: RCPT TO:<jason@userone.co.uk>
2005-01-04 11:06:20.261618500 smtpfront-qmail[17916]: Accepted message qp 17962 bytes 2119
2005-01-04 11:06:20.358255500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:06:20.358268500 smtpfront-qmail[17916]: RCPT TO:<chuck.s.gleason@userone.co.uk>
2005-01-04 11:06:34.437664500 smtpfront-qmail[17916]: Accepted message qp 17969 bytes 4209
2005-01-04 11:06:34.526042500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:06:34.526054500 smtpfront-qmail[17916]: RCPT TO:<ekessler46@userone.co.uk>
2005-01-04 11:06:47.274569500 smtpfront-qmail[17916]: Accepted message qp 17975 bytes 3865
2005-01-04 11:06:47.362649500 smtpfront-qmail[17916]: MAIL FROM:<belohaloranren@charityemail.com> BODY=7BIT
2005-01-04 11:06:47.362663500 smtpfront-qmail[17916]: RCPT TO:<mike@userone.co.uk>
2005-01-04 11:07:00.185304500 smtpfront-qmail[17916]: Accepted message qp 17989 bytes 1435
2005-01-04 11:07:00.324185500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:07:00.324197500 smtpfront-qmail[17916]: RCPT TO:<postmaster@userone.co.uk>
2005-01-04 11:07:12.902745500 smtpfront-qmail[17916]: Accepted message qp 18000 bytes 2739
2005-01-04 11:07:12.995843500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk>
2005-01-04 11:07:12.995857500 smtpfront-qmail[17916]: RCPT TO:<mary_andersen@userone.co.uk>
2005-01-04 11:07:25.663957500 smtpfront-qmail[17916]: Accepted message qp 18011 bytes 3920
2005-01-04 11:07:25.761112500 smtpfront-qmail[17916]: MAIL FROM:<MAILER-DAEMON@mail.userone.co.uk> BODY=8BITMIME
2005-01-04 11:07:25.761126500 smtpfront-qmail[17916]: RCPT TO:<younghartman_5@userone.co.uk>
2005-01-04 11:07:38.542634500 smtpfront-qmail[17916]: Accepted message qp 18022 bytes 3793
2005-01-04 11:07:38.650271500 smtpfront-qmail[17916]: MAIL FROM:<advertising@iWantFreeGifts.com> BODY=8BITMIME
2005-01-04 11:07:38.650285500 smtpfront-qmail[17916]: RCPT TO:<angles@userone.co.uk>
2005-01-04 11:07:51.100862500 smtpfront-qmail[17916]: Accepted message qp 18033 bytes 2673
2005-01-04 11:07:51.190820500 smtpfront-qmail[17916]: bytes in: 41596 bytes out: 1201
2005-01-04 11:07:51.191897500 tcpserver: end 17916 status 0

Am I running an open relay?


No sign of it. The recipient of each of those messages is @userone.co.uk, so they're local deliveries, not messages that your server might relay to somewhere else.

Quote

as I can't see who all these users are, like mary_andersen@userone.co.uk. We sadly have no women here in our company...

Can anyone help or explain?
Thanks
Jason


Someone has managed to have a program running on your server connect to the SMTP port, and inject a series of messages to users local to your server. Sounds bad, eh?

My guess is that the program was fetchmail, and it's doing the job you asked it to do. The series of messages you see were sitting in a multi-drop mailbox at your ISP, and fetchmail fetched them, and forwarded them to the local SMTP server. Unfortunately, many of those messages were spam, and were addressed to users who don't exist. That form of spam is called "joe job" spam.

http://www.atg.wa.gov/consumer/idprivacy/joejob.shtml

Have a look in your /var/log/maillog and you will probably see fetchmail grabbing those messages.
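
The reading of the log given in the reply above (source address from the tcpserver line, session pid in brackets, recipient domains compared with the local domain) can be automated. The following is an added example, not part of the original thread or of SME Server; the function name `summarize`, the pid 20001 session and its `example.*` addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: pid 17916 lines are taken from the thread's log; the
# pid 20001 session (203.0.113.7, example.net/org) is invented for contrast.
SAMPLE_LOG = """\
2005-01-04 11:05:14.425493500 tcpserver: pid 17916 from 127.0.0.1
2005-01-04 11:06:07.966401500 smtpfront-qmail[17916]: MAIL FROM:<KZESQZXVZZJ@hush.com>
2005-01-04 11:06:07.966411500 smtpfront-qmail[17916]: RCPT TO:<jason@userone.co.uk>
2005-01-04 11:06:20.261618500 smtpfront-qmail[17916]: Accepted message qp 17962 bytes 2119
2005-01-04 11:07:51.191897500 tcpserver: end 17916 status 0
2005-01-04 12:00:00.000000500 tcpserver: pid 20001 from 203.0.113.7
2005-01-04 12:00:00.100000500 smtpfront-qmail[20001]: MAIL FROM:<a@example.net>
2005-01-04 12:00:00.200000500 smtpfront-qmail[20001]: RCPT TO:<b@example.org>
2005-01-04 12:00:01.000000500 smtpfront-qmail[20001]: Accepted message qp 20002 bytes 900
"""

CONNECT = re.compile(r"tcpserver: pid (\d+) from (\S+)")
EVENT = re.compile(r"smtpfront-qmail\[(\d+)\]: (MAIL FROM|RCPT TO|Accepted message)(?::<([^>]*)>)?")

def summarize(log_text, local_domains):
    """Group log lines by session pid and flag accepted non-local recipients."""
    local = {d.lower() for d in local_domains}
    sessions = defaultdict(lambda: {"source": None, "accepted": 0, "non_local": []})
    pending = defaultdict(list)          # RCPT TO addresses of the message in progress
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            sessions[m.group(1)]["source"] = m.group(2)
        elif m := EVENT.search(line):
            pid, verb, addr = m.groups()
            if verb == "MAIL FROM":
                pending[pid] = []        # new envelope, drop stale recipients
            elif verb == "RCPT TO":
                pending[pid].append(addr)
            else:                        # "Accepted message": envelope was queued
                sessions[pid]["accepted"] += 1
                sessions[pid]["non_local"] += [
                    r for r in pending.pop(pid, [])
                    if r.rpartition("@")[2].lower() not in local]
    for s in sessions.values():
        loopback = bool(s["source"]) and ipaddress.ip_address(s["source"]).is_loopback
        # Review candidate only: an allowed relay client would look the same.
        s["relay_suspect"] = bool(s["non_local"]) and not loopback
    return dict(sessions)

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG, ["userone.co.uk"]).items():
        print(pid, info)
```

A session is flagged only when an external source had a message accepted for a recipient outside the listed local domains; the loopback session from the thread is not flagged.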

Jasonuocs
« Reply #4 on: January 10, 2005, 03:20:51 PM »
Thanks for all your help there guys, I will have a good read of what you are saying.

I have checked for an open relay via the link sent and am glad to say SME is doing a sterling job.

Thanks again
Jason
:-D

PS. You are right, it does appear to be fetchmail.