Community Discussions and Support
Spammers - how to stop them? please help!

Olaf, thank you!

 I checked the three options under "compliance" tab.

1) limited maximum number of failed RCPTS to 4  

2) require clients to use an ESMTP size declaration.

3) Refuse messages that have no "date" field.

Thank you for helping!!!

Team, I am looking over my Mercury log for the last few days. There are many attempts/logs like the following, but they are from different IPs.

----------------------------------------------------------------- 

T 20140204 174852 52ef7f1e Connection closed with 213.186.183.252, 2 sec. elapsed.
T 20140204 181552 52ef7f1f Connection from 174.76.243.53
T 20140204 181552 52ef7f1f EHLO [192.168.2.33]
T 20140204 181553 52ef7f1f MAIL FROM: <test@live.com>
T 20140204 181553 52ef7f1f RCPT TO: <therichsheickc@yahoo.com>
E 20140204 181553 52ef7f1f Relay attempt by 174.76.243.53: from <test@live.com> to <therichsheickc@yahoo.com>.
T 20140204 181553 52ef7f1f RCPT TO: <therichsheick1@yahoo.com>
E 20140204 181553 52ef7f1f Relay attempt by 174.76.243.53: from <test@live.com> to <therichsheick1@yahoo.com>.
T 20140204 181553 52ef7f1f RCPT TO: <therichsheick9@yahoo.com>
E 20140204 181553 52ef7f1f Relay attempt by 174.76.243.53: from <test@live.com> to <therichsheick9@yahoo.com>.
T 20140204 181553 52ef7f1f RCPT TO: <therichsheick2@yahoo.com>
E 20140204 181553 52ef7f1f Relay attempt by 174.76.243.53: from <test@live.com> to <therichsheick2@yahoo.com>.
T 20140204 181553 52ef7f1f RCPT TO: <therichsheick0@yahoo.com>
E 20140204 181553 52ef7f1f Relay attempt by 174.76.243.53: from <test@live.com> to <therichsheick0@yahoo.com>.
T 20140204 181553 52ef7f1f QUIT
T 20140204 181553 52ef7f1f Connection closed with 174.76.243.53, 1 sec. elapsed.

-----------------------------------------------------------------  

I have no idea about test@live.com, therichsheickc@yahoo.com or the IPs. I think that someone/some computers are sending spam through my email server. I am not sure what I should do. I set up SMTP/passwords, so I do not think that these emails went out, but I do not know what to check or whether I need to worry about it. Please advise.

thank you

They don't spam ... they are testing your mailhost for possibilities of misusing it. As long as you have disabled relaying of non-local mail and/or only enabled it with authorisation, these attempts should result in an error ... as shown in your log.

bye    Olaf

 


Olaf, thank you! Understood now. Are there any ways to stop these kinds of testing? Thank you


There's not really a possibility. You could reject the IP addresses of those servers in Mercury - but:

  • most times the tests are done by robots, which are hacked into that server
  • if you reject the IP address, next time it will be another mailhost where test mails are sent from

I have been using Mercury/NLM for a long time and, for a couple of years, Mercury/32. I never allowed relaying and Mercury has never been misused. Maybe you should have an additional look at the features under "Compliance" with MercuryS.

bye    Olaf

 


Hello Olaf, thank you for helping!

1) here is my setting for MercuryS SMTP server : under connection control > Relay control

option 1 : don't permit smtp relaying of non-local mail  ( this option is checked, but it is grayed out)

option 2: use strict local relaying restrictions ( this option is also checked)

option 3: Authenticated SMTP connection may relay mail ( this option is also checked)

so I have above three options checked. Is it ok?

2) I also looked under "Compliance", but I do not know what to check or not ( newbie :) What kind of settings do you have? Can you give me some details here or point me to some guides?

Thank you !!!!

 


> 1) here is my setting for MercuryS SMTP server : under connection control > Relay control

They seem to be OK (and if one of the lower options is checked, option 1 is grayed -  see help)

> 2) I also looked under "Compliance", But I am do not know what to check or not?

You may i.e. "Limit maximum number of failed RCPT commands" and "Limit maximum number of failed RCPT commands" in conjunction with "Enable short-term blacklisting for compliance failures". But do it with care - read the help or the Mercury manual. I activate them on need - in case those attempts increase.

> What is kind of setting do you have?

Activated "Enable transaction-level expression filtering" and put in some special rules there. But these rules depend on using a NDS/eDirectory of Novell for authentication. In NDS there are objects representing the organisation and it may be possible to send mails to the organisation ... resulting in error messages (these objects don't have a mail address :-). I stopped these boring errors by creating rules so MercuryS will reject those mails already on communication with the sender.

Have a killfile for some addresses that come on and on ... and activated "Check originator address fields against the killfile". Perhaps you may need a whitelist in addition.

You may reject mails on missing headers like subject and date ... but this is more to "educate" the senders to put in a significant subject or to use mailclients setting the date-header. I didn't enable it but it may be, that not a few spammers miss setting date or subject and it may be a possibility to reduce contacts by spammers.

At least all these settings are for enabling MercuryS to reject mails already on communication with the originator or a delivering external mailhost.

If you have problems with spam mails, read up on spamhalter and install it in Mercury. You have to do a lot of training for the self-learning spamhalter in the beginning and always have to look for false positives.

bye    Olaf
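
The log check the original poster asks about, as an added example that is not part of the thread or of Mercury itself: it groups MercuryS log lines by session id and reports, per session, how many relay attempts were refused and whether any non-local recipient was accepted without a refusal. The function names, the `local_domains` parameter, the default threshold of 4 (the poster's failed-RCPT setting, used here only for reporting) and the sample log are assumptions constructed for illustration.

```python
import re

LINE = re.compile(r"^([TE]) \d{8} \d{6} ([0-9a-f]+) (.*)$")
CONNECT = re.compile(r"^Connection from (\S+)")
RCPT = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.I)
RELAY = re.compile(r"^Relay attempt by \S+: from <[^>]*> to <([^>]*)>")

def audit_sessions(log_text, local_domains, rcpt_threshold=4):
    """Per session: count refused relay recipients, list foreign ones never refused."""
    sessions = {}
    for m in filter(None, (LINE.match(l.strip()) for l in log_text.splitlines())):
        kind, sid, text = m.groups()
        s = sessions.setdefault(sid, {"ip": None, "rcpt": [], "refused": set()})
        if c := CONNECT.match(text):
            s["ip"] = c.group(1)
        elif r := RCPT.match(text):
            s["rcpt"].append(r.group(1).lower())
        elif kind == "E" and (e := RELAY.match(text)):
            s["refused"].add(e.group(1).lower())
    report = {}
    for sid, s in sessions.items():
        foreign = [a for a in s["rcpt"] if a.rpartition("@")[2] not in local_domains]
        if foreign:  # sessions with only local recipients are ordinary inbound mail
            report[sid] = {
                "ip": s["ip"], "refused": len(s["refused"]),
                # Foreign recipient with no refusal: review it (may be an authenticated user).
                "unrefused_foreign": [a for a in foreign if a not in s["refused"]],
                "over_threshold": len(s["refused"]) > rcpt_threshold,
            }
    return report

def sample_log():
    """Constructed log in the layout quoted in the thread; all hosts are placeholders."""
    t, e = "T 20140204 181553 ", "E 20140204 181553 "
    out = [t + "aaaa0001 Connection from 203.0.113.53",
           t + "aaaa0001 MAIL FROM: <test@example.com>"]
    for i in range(5):
        out.append(t + f"aaaa0001 RCPT TO: <probe{i}@example.net>")
        out.append(e + f"aaaa0001 Relay attempt by 203.0.113.53: "
                       f"from <test@example.com> to <probe{i}@example.net>.")
    out += [t + "aaaa0002 Connection from 198.51.100.7",
            t + "aaaa0002 RCPT TO: <user@mail.example>",
            t + "aaaa0003 Connection from 192.0.2.9",
            t + "aaaa0003 RCPT TO: <out@example.org>"]
    return "\n".join(out)

if __name__ == "__main__":
    print(audit_sessions(sample_log(), {"mail.example"}))
```

A session whose `unrefused_foreign` list is empty matches what Olaf describes: every relay attempt ended in an error.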

 
