[BlueOnyx:12384] Forged mail getting through
Robert Fitzpatrick
robert at webtent.org
Tue Mar 5 09:44:23 -05 2013
I had several forged emails get through a BO 5106 server this morning
and am trying to figure out how they were allowed to be sent via the server...
Mar 5 09:01:37 vnyxbo sendmail[18836]: r25E1F36018836: from=<forged at domain.com>, size=299, class=0, nrcpts=1, msgid=<201303051401.r25E1F36018836 at vnyxbo.webtent.net>, proto=ESMTP, daemon=TLSMTA, relay=node-3ld.pool-101-51.dynamic.totbb.net [101.51.18.49]
The sender domain is not even on this server and none of their DNS
points to this server other than NS records as their DNS records are
stored here. The server allows POP Authenticated Relaying and SMTP
Authentication. I'm trying to determine if they have used a compromised
password; I didn't find the IP on the poprelayd list. Can someone
suggest how I can track down how this message was authorized to send?
Thanks, Robert
--
Robert <robert at webtent.org>