3 messages in net.sourceforge.lists.courier-users[courier-users] spoofing?| From | Sent On | Attachments |
|---|---|---|
| Robert Horton | May 20, 2004 3:25 pm | |
| Gordon Messmer | May 20, 2004 3:53 pm | |
| Sam Varshavchik | May 20, 2004 4:07 pm |
| Subject: | [courier-users] spoofing? | |
|---|---|---|
| From: | Robert Horton (tre...@agarithil-nost.com) | |
| Date: | May 20, 2004 3:25:45 pm | |
| List: | net.sourceforge.lists.courier-users | |
Can someone tell by looking at this log snippet what may be going on here?
May 20 15:08:37 blah courierd: newmsg,id=00056BEF.40AD2C65.00002C8D: dns; localhost (localhost [127.0.0.1]) May 20 15:08:37 blah courierd: started,id=00056BEF.40AD2C65.00002C8D,from=<>,module=esmtp,host=ms18.hin et.net,addr=<8ac...@ms18.hinet.net> May 20 15:08:37 blah courierd: Waiting. shutdown time=none, wakeup time=Thu May 20 15:13:33 2004, queuedelivering=9, inprogress=8
To me it looks like a message is coming from localhost only.....my domain is NOT hinet.net..
What is going on here and what would be recommended?
Here also is my default smtpaccess file:
localhost allow,RELAYCLIENT ## By default, enable relaying for localhost.
24.17.224.197 allow,RELAYCLIENT
# Also, enable relaying for 10.0.0.0/8 and 192.168.0.0/16
10 allow,RELAYCLIENT 192.168 allow,RELAYCLIENT
# Use the following entry to deny connections from bad IP addresses # # 192.168.5 deny 168.95 deny 219.91 deny 210.59 deny
the three IPs that I have listed as deny are ones I *think* are part of this wierd domain...but they are still coming through so I suspect something else is going on.
Any help would be appreciated..
Thanks