Topic: large number of messages with strange sender !!!!

[gmr2000]

I have strange sender with large number of messages when I show “sender statistic” under Mail log file analysis. Can any one help to understand the meaning of <<>>, <#@[]>.

 

mess      bytes     sbytes     rbytes  recips  tries         xdelay  sender
1413   16590963      15877   16590963    1413   1413      95.486257  400/<<>>
14633  195384811  195384811  195384811   14633  14633     924.533626  400/<#@[]>
 9279  107535358     125651  107535358    9279   9279     573.086493  400/<>
  106    1072582     916924    1072582     106    106    6398.678393  401/<<>
  108     158082     141748     158082     108    108      12.385725  401/<>

[brownfox]

I have strange sender with large number of messages when I show “sender statistic” under Mail log file analysis. Can any one help to understand the meaning of <<>>, <#@[]>.

The problem i found was, that someone was using the server as a relay server. (sending from external adres to a external adres). the meaning <> and #@ can be a virus sending thru your server or spam.

I installed secure mail and disabled the possebility to access the mailserver external by pop or smtp (only secure imap). I installed also the email blocking rpm from dungog. After this the strange mail was gone and my cpu load went from 90% to 3%.

[raem]

brownfox

> The problem i found was, that someone was using
> the server as a relay server

You should run a relay test immediately:
telnet relay-test.mail-abuse.org
Alternatively browse to
www.abuse.net/relay.html

[gmr2000]

I am using SME 6.0 with AV and SA as mail gateway to scan the incoming emails and forward them to MS exchange. I do believe there is loop between SME and exchange. But, I don’t know how to figure it out.

I have check the server usig www.abuse.net/relay.html and it's not relaying.