The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Log - What is this account doing?

Discussion in 'E-mail Discussions' started by Networkologist, Mar 22, 2003.

  1. Networkologist

    Networkologist Well-Known Member

    Joined:
    Feb 5, 2003
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    Sorry for the flood of posts, but I'm just getting a handle on all of this.

    At first I received a bounced e-mail to plain.rackshack.net even tho I changed the hostname a while ago. I id a relay check using sam spade and it says it won't talk to me; so how did this happen?:

    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    martyn@mjryan.fsnet.co.uk
    (ultimately generated from rockfall@ultimateforce.net)
    SMTP error from remote mailer after RCPT TO:<martyn@mjryan.fsnet.co.uk>:
    host mail-in.pol.net.uk [195.92.193.155]: 550-Verification failed for <nobody@plain.rackshack.net>
    550-Unrouteable address
    550 Sender verify failed

    ======================================
    So I looked at my mail log and saw one account with hundreds of the these for days on end:

    x's were added by me

    Mar 22 15:53:09 secure cpanelpop[27889]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:53:09 secure cpanelpop[27889]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:53:09 secure cpanelpop[27889]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:54:14 secure cpanelpop[27893]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:54:14 secure cpanelpop[27893]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:54:14 secure cpanelpop[27893]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:54:56 secure imapd[27899]: Logout user=??? domain=??? host=localhost [127.0.0.1]
    Mar 22 15:55:19 secure cpanelpop[27924]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:55:19 secure cpanelpop[27924]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:55:20 secure cpanelpop[27924]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:56:25 secure cpanelpop[27928]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:56:25 secure cpanelpop[27928]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:56:25 secure cpanelpop[27928]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:57:30 secure cpanelpop[27933]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:57:30 secure cpanelpop[27933]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:57:31 secure cpanelpop[27933]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:58:35 secure cpanelpop[27948]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
    Mar 22 15:58:35 secure cpanelpop[27948]: Login host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=yamxxxx
    Mar 22 15:58:36 secure cpanelpop[27948]: Session Closed host=pia158-54.pioneernet.net ip=66.114.158.54 user=yamxxxx realuser=$
    Mar 22 15:59:40 secure cpanelpop[27973]: Connection from host=pia158-54.pioneernet.net to ip=207.44.xxx.xx
     
  2. webprox

    webprox Registered

    Joined:
    May 24, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I would like to know this as well. Have the same thing in my logs:)

    cPanel.net Support Ticket Number:
     
  3. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    I would think that the person could either be trying to abuse antirelayd by ensuring his ip always stays in the allow list? Or for reasons known to himself has set his cliennt to check every minute, Have you asked them?

    Did you also try restarting exim after changing your hostname? is the plain.rackshack.net shown in the banner when you connect to the smtp port?

    cPanel.net Support Ticket Number:
     
  4. nsz

    nsz Well-Known Member

    Joined:
    Apr 28, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    I also have TONS of these lines in my logs.

    Mar 22 15:54:56 secure imapd[27899]: Logout user=??? domain=??? host=localhost [127.0.0.1]

    What would be causing this? I have no uses using IMAP at this time.

    Any info would be appreciated.
     
Loading...

Share This Page