
Date:  Fri, 9 Mar 2007 17:20:34 -0500
From:  "Darrell D. Mobley" <dmobley (at mark) uhostme.net>
Subject:  [coba-e:09067] Re: Relaying?
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <001501c76299$28896600$799c3200$@net>
In-Reply-To:  <45F1B26A.1090302 (at mark) distortal.com>
References:  <45F1B26A.1090302 (at mark) distortal.com>
X-Mail-Count: 09067

Heh, that's the IP address/relay of the Blue Quartz mailing list ... THIS
list.  ;-)

-----Original Message-----
From: D [mailto:bqlist (at mark) distortal.com] 
Sent: Friday, March 09, 2007 2:16 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:09064] Relaying?

Hi all,

I found this in today's LogWatch:

    Top relays (recipients/connections - min 10 rcpts, max 50 lines):
        27/27: s174172.ppp.asahi-net.or.jp [220.157.174.172]

It appears as though someone has managed to relay mail through my server but
I am not sure how.  Could it be a mail header injection on a PHP mail()
script, or is it a direct relay with the sender using my server for SMTP?
The IP address is not in my list of permitted senders.

Any ideas on how to find the dodgy script if that's what it is?

Regards,



Dick