Community Discussions and Support
AUTH LOGIN

Could be some spambot trying to guess your SMTP AUTH passwords to be able to relay through your server. To find out for sure you would need a session log from when this happens. The IP address translates to 246.185.81.218.broad.xw.sh.dynamic.163data.com.cn, so unless you expect to get valid email from China that would support the spam theory.

If you use authenticated SMTP make sure your passwords are strong. If these attacks continue you may want to add the suspicious IP addresses to SMTP connection control  in Mercury (with refuse action), or block them in your firewall.

/Rolf 

 

<p>Could be some spambot trying to guess your SMTP AUTH passwords to be able to relay through your server. To find out for sure you would need a session log from when this happens. The IP address translates to 246.185.81.218.broad.xw.sh.dynamic.163data.com.cn, so unless you expect to get valid email from China that would support the spam theory.</p><p>If you use authenticated SMTP make sure your passwords are strong. If these attacks continue you may want to add the suspicious IP addresses to SMTP connection control  in Mercury (with refuse action), or block them in your firewall.</p><p>/Rolf </p><p> </p>

G'day,

Over the last few days the following is showing in my MURCURYS.log

Is this a security problem?

If so what can I do to fix it?

 

T 20090222 083219 49a0b1f3 Connection closed with 92.42.251.240, 18 sec. elapsed.
T 20090222 083808 49a0b1f4 Connection from 218.81.185.246
T 20090222 083808 49a0b1f4 EHLO JIANG
T 20090222 083810 49a0b1f4 AUTH LOGIN
T 20090222 083811 49a0b1f4 AUTH LOGIN
T 20090222 083813 49a0b1f4 AUTH LOGIN
T 20090222 083814 49a0b1f4 AUTH LOGIN

----Snip

----End Snip

T 20090222 093404 49a0b1f4 AUTH LOGIN
T 20090222 093405 49a0b1f4 AUTH LOGIN
T 20090222 093407 49a0b1f4 AUTH LOGIN
T 20090222 093408 49a0b1f4 AUTH LOGIN
T 20090222 093409 49a0b1f4 AUTH LOGIN
T 20090222 093410 49a0b1f4 AUTH LOGIN
T 20090222 093412 49a0b1f4 RSET

 

Michael Doyle

Busselton, Western Australia

 

 

<P>G'day,</P> <P>Over the last few days the following is showing in my MURCURYS.log</P> <P>Is this a security problem?</P> <P>If so what can I do to fix it?</P> <P mce_keep="true"> </P> <P>T 20090222 083219 49a0b1f3 Connection closed with 92.42.251.240, 18 sec. elapsed. T 20090222 083808 49a0b1f4 Connection from 218.81.185.246 T 20090222 083808 49a0b1f4 EHLO JIANG T 20090222 083810 49a0b1f4 AUTH LOGIN T 20090222 083811 49a0b1f4 AUTH LOGIN T 20090222 083813 49a0b1f4 AUTH LOGIN T 20090222 083814 49a0b1f4 AUTH LOGIN </P> <P>----Snip</P> <P>----End Snip</P> <P>T 20090222 093404 49a0b1f4 AUTH LOGIN T 20090222 093405 49a0b1f4 AUTH LOGIN T 20090222 093407 49a0b1f4 AUTH LOGIN T 20090222 093408 49a0b1f4 AUTH LOGIN T 20090222 093409 49a0b1f4 AUTH LOGIN T 20090222 093410 49a0b1f4 AUTH LOGIN T 20090222 093412 49a0b1f4 RSET</P> <P mce_keep="true"> </P> <P>Michael Doyle</P> <P>Busselton, Western Australia</P> <P mce_keep="true"> </P> <P mce_keep="true"> </P>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft