SPAM sent via ME MTA, not sure how

Discussion regarding the Standard version.

Post by ted » Thu Nov 21, 2013 4:29 pm

Hi,
I have a server running ME 6.84 with a single domain and about 15 mailboxes on it. One day last week it sent out thousands of SPAM messages from somewhere. I am not sure what happened and not even sure why it stopped. Because there were so few mailboxes on this server, I just changed all the passwords, but not sure if that stopped the relaying or not. I pasted a portion of the SMTP Activity log from that day below. Am I correct in thinking that this was a connection using the Postmaster account for authentication and then sending email out? But it was not limited to this single IP. Thanks for any help with this.

11/12/13 02:59:36 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 220 mail.sdsinfo.com ESMTP MailEnable Service, Version: 6.84-- ready at 11/12/13 02:59:36 0 0
11/12/13 02:59:36 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 220 mail.sdsinfo.com ESMTP MailEnable Service, Version: 6.84-- ready at 11/12/13 02:59:36 0 0
11/12/13 02:59:36 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 EHLO EHLO 127.0.0.1 250-sdsinfo.com [184.82.141.52], this server offers 4 extensions 127 16
11/12/13 02:59:36 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 EHLO EHLO 127.0.0.1 250-sdsinfo.com [184.82.141.52], this server offers 4 extensions 127 16
11/12/13 02:59:36 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 AUTH AUTH LOGIN 334 VXNlcm5hbWU6 18 12
11/12/13 02:59:36 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 AUTH AUTH LOGIN 334 VXNlcm5hbWU6 18 12
11/12/13 02:59:37 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 AUTH {blank} 334 UGFzc3dvcmQ6 18 18 postmaster
11/12/13 02:59:37 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 AUTH {blank} 334 UGFzc3dvcmQ6 18 18 postmaster
11/12/13 02:59:37 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 AUTH AA== 235 Authenticated 19 6 postmaster
11/12/13 02:59:37 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 AUTH AA== 235 Authenticated 19 6 postmaster
11/12/13 02:59:37 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 MAIL MAIL FROM: accounts@accounts2.com 250 Requested mail action okay, completed 43 35 postmaster
11/12/13 02:59:37 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 MAIL MAIL FROM: support2@accounts2.com 250 Requested mail action okay, completed 43 35 postmaster
11/12/13 02:59:37 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 RCPT RCPT TO: 00741@bellsouth.net 250 Requested mail action okay, completed 43 30 postmaster
11/12/13 02:59:37 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 RCPT RCPT TO: 0123895837538@yahoo.com 250 Requested mail action okay, completed 43 34 postmaster
11/12/13 02:59:37 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 RCPT RCPT TO: 007ashokeen@gmail.com 250 Requested mail action okay, completed 43 32 postmaster
11/12/13 02:59:37 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 RCPT RCPT TO: 012global@gmail.com 250 Requested mail action okay, completed 43 30 postmaster
11/12/13 02:59:37 SMTP-IN 927C94BD449A430F81AA09D1DF87F371.MAI 1516 184.82.141.52 RCPT RCPT TO: 007rater@gmail.com 250 Requested mail action okay, completed 43 29 postmaster
11/12/13 02:59:37 SMTP-IN 7DB741A5173A4A888F5B1CAF7E7144F1.MAI 1520 184.82.141.52 RCPT RCPT TO: 01350482@gmail.com 250 Requested mail action okay, completed 43 29 postmaster

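One way to triage an SMTP activity log like the excerpt in the post, as an added example that is not part of the original post and not MailEnable's own code: it groups authenticated sessions by account and reports source IPs, accepted recipients and non-local envelope sender domains. It assumes the trailing token on a `235 Authenticated` line is the account name, as the excerpt suggests; `LOCAL_DOMAIN`, the function names and every sample line are constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL_DOMAIN = "example.org"  # assumption: the domain this server hosts
# Constructed lines in the layout of the excerpt above; not real traffic.
SAMPLE = """\
11/12/13 02:59:37 SMTP-IN A1.MAI 1516 203.0.113.7 AUTH AA== 235 Authenticated 19 6 postmaster
11/12/13 02:59:37 SMTP-IN A1.MAI 1516 203.0.113.7 MAIL MAIL FROM: x@bulk.example 250 Requested mail action okay, completed 43 35 postmaster
11/12/13 02:59:37 SMTP-IN A1.MAI 1516 203.0.113.7 RCPT RCPT TO: r1@example.net 250 Requested mail action okay, completed 43 30 postmaster
11/12/13 03:10:02 SMTP-IN B2.MAI 1520 198.51.100.9 AUTH AA== 235 Authenticated 19 6 postmaster
11/12/13 03:10:02 SMTP-IN B2.MAI 1520 198.51.100.9 MAIL MAIL FROM: y@bulk.example 250 Requested mail action okay, completed 43 35 postmaster
11/12/13 03:10:03 SMTP-IN B2.MAI 1520 198.51.100.9 RCPT RCPT TO: r3@example.net 250 Requested mail action okay, completed 43 30 postmaster
11/12/13 09:15:00 SMTP-IN C3.MAI 1600 192.0.2.20 AUTH AA== 235 Authenticated 19 6 alice
11/12/13 09:15:01 SMTP-IN C3.MAI 1600 192.0.2.20 MAIL MAIL FROM: alice@example.org 250 Requested mail action okay, completed 43 35 alice
11/12/13 09:15:01 SMTP-IN C3.MAI 1600 192.0.2.20 RCPT RCPT TO: bob@example.net 250 Requested mail action okay, completed 43 30 alice
11/12/13 09:20:00 SMTP-IN D4.MAI 1601 192.0.2.99 RCPT RCPT TO: info@example.org 250 Requested mail action okay, completed 43 30
"""
LINE = re.compile(r"^\S+ \S+ SMTP-IN (\S+) \d+ (\S+) (AUTH|MAIL|RCPT) (.*)$")

def relay_report(log_text):
    """Per authenticated account: source IPs, sessions, accepted RCPTs, non-local sender domains."""
    session_account = {}  # session id -> account that received "235 Authenticated"
    report = defaultdict(lambda: {"ips": set(), "sessions": 0, "rcpts": 0, "foreign": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        sid, ip, cmd, rest = m.groups()
        if cmd == "AUTH" and " 235 " in f" {rest}":
            account = rest.split()[-1].lower()  # assumed: trailing token is the account
            session_account[sid] = account
            report[account]["ips"].add(ip)
            report[account]["sessions"] += 1
        elif sid in session_account and " 250 " in rest:  # accepted, after AUTH
            entry = report[session_account[sid]]
            if cmd == "RCPT":
                entry["rcpts"] += 1
            elif cmd == "MAIL":
                sender = re.search(r"FROM:\s*<?([^\s>]+)", rest)
                domain = sender.group(1).rpartition("@")[2].lower() if sender else ""
                if domain != LOCAL_DOMAIN:
                    entry["foreign"].add(domain)
    return dict(report)

def suspects(report, max_ips=1):
    """Accounts that sent with a non-local envelope sender or from more than max_ips addresses."""
    return sorted(a for a, e in report.items() if e["foreign"] or len(e["ips"]) > max_ips)

if __name__ == "__main__":
    print(suspects(relay_report(SAMPLE)))
```

An account that appears here with several source IPs and foreign sender domains is the one whose credentials need rotating first; unauthenticated inbound deliveries (session `D4` in the sample) are deliberately not counted.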