SPAM SMTP delivery?
Question asked by Uwe Degenhardt - May 12, 2015 at 6:20 AM
Unanswered
Hi everybody, we have the following entries in our smtp.log.
I am confused. No authentication message is coming. No real message delivery.
Is this an attempt to send SPAM messages?
 
 
14:53:16 [109.239.173.31][65653794] rsp: 220 smartmail.domain.de
14:53:16 [109.239.173.31][65653794] connected at 12.05.2015 14:53:16
14:53:16 [109.239.173.31][65653794] cmd: HELO localhost
14:53:16 [109.239.173.31][65653794] rsp: 250 smartmail.domain.de Hello [109.239.173.31]
14:53:16 [109.239.173.31][65653794] cmd: MAIL FROM: <info@kundendomain.de>
14:53:16 [109.239.173.31][65653794] rsp: 250 OK <info@kundendomain.de> Sender ok
14:53:16 [109.239.173.31][65653794] cmd: RCPT TO: <dieter@endkundendomain.de>
14:53:16 [109.239.173.31][65653794] rsp: 550 <dieter@endkundendomain.de> No such user here
14:53:16 [109.239.173.31][65653794] cmd: RSET
14:53:16 [109.239.173.31][65653794] rsp: 250 OK

2 Replies

0
Do you host websites on the same server?
 
Have you SMTP AUTHENTICATION BYPASSED 127.0.0.1 in SmarterMail?
 
Have you WHITELISTED 127.0.0.1 in SmarterMail?
 
I ask because the line, "14:53:16 [109.239.173.31][65653794] cmd: HELO localhost" makes it look like someone has compromised your server and is using an SMTP service to send through SmarterMail.
 
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
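A way to triage sessions like the one quoted in the question, as an added example that is not part of the original thread: it groups smtp.log lines by client IP and session ID and reports the traits discussed above (a loopback HELO name from a remote address, no AUTH command, rejected recipients, no DATA). The log format is inferred from the quoted excerpt; the function names and flag wording are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the smtp.log excerpt quoted in the question.
SAMPLE_LOG = """\
14:53:16 [109.239.173.31][65653794] rsp: 220 smartmail.domain.de
14:53:16 [109.239.173.31][65653794] connected at 12.05.2015 14:53:16
14:53:16 [109.239.173.31][65653794] cmd: HELO localhost
14:53:16 [109.239.173.31][65653794] rsp: 250 smartmail.domain.de Hello [109.239.173.31]
14:53:16 [109.239.173.31][65653794] cmd: MAIL FROM: <info@kundendomain.de>
14:53:16 [109.239.173.31][65653794] rsp: 250 OK <info@kundendomain.de> Sender ok
14:53:16 [109.239.173.31][65653794] cmd: RCPT TO: <dieter@endkundendomain.de>
14:53:16 [109.239.173.31][65653794] rsp: 550 <dieter@endkundendomain.de> No such user here
14:53:16 [109.239.173.31][65653794] cmd: RSET
14:53:16 [109.239.173.31][65653794] rsp: 250 OK
"""
# Format inferred from the excerpt: time [client IP][session ID] cmd:/rsp: text
LINE = re.compile(r"^\S+ \[([^\]]+)\]\[(\d+)\] (cmd|rsp): (.*)$")

def summarize(log_text):  # group lines by (IP, session ID), record what each did
    sessions = defaultdict(lambda: dict(helo="", auth_cmd=False, data=False, rcpt_ok=0, rcpt_rejected=0))
    pending = {}  # last command verb per session, to pair it with its response
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. the "connected at ..." line
        ip, sid, kind, text = m.groups()
        key, parts = (ip, sid), text.split()
        s = sessions[key]
        if kind == "cmd" and parts:
            verb = pending[key] = parts[0].upper()
            if verb in ("HELO", "EHLO"):
                s["helo"] = parts[1].lower() if len(parts) > 1 else ""
            s["auth_cmd"] |= verb == "AUTH"
            s["data"] |= verb == "DATA"
        elif kind == "rsp" and pending.pop(key, None) == "RCPT":
            s["rcpt_ok" if text.startswith("2") else "rcpt_rejected"] += 1
    return dict(sessions)

def flags(ip, s):  # traits of one session that merit a closer look
    remote = not ipaddress.ip_address(ip).is_loopback
    checks = {
        "loopback HELO name from a remote address": remote and s["helo"] in ("localhost", "127.0.0.1", "[127.0.0.1]"),
        "no AUTH command in the session": not s["auth_cmd"],
        "every RCPT TO was rejected": s["rcpt_rejected"] and not s["rcpt_ok"],
        "no DATA command, so no message was handed over": not s["data"],
    }
    return [name for name, hit in checks.items() if hit]
```
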
0
Hi Bruce, thank you. No, I don't host other websites. But I run
IIS for the SM-Webmailer and Admin-Access.
I double-checked SMTP-Bypass. 127.0.0.1 is not there.
Also I haven't whitelisted it. Strange.
I will scan the whole server with a virus scanner.
 
Could it be that these are compromised e-mail accounts
running through the SM-Webmailer?
