Community Discussions and Support
Mercury tries to send mail, even in offline mode - Virus?

There are lots of pitfalls where Mercury/32 can lose the body, for example if you have processing rules, filters, antiviral scans, etc. You actually need to examine the flow of your own messages, one step at a time. You do this by pausing each server module, then examining the processed files after each module's processing.


Yesterday I found out that my Mercury was sending relay mails using one of the accounts. The account was my administration account and I am the only one who knows the account's password. I changed the password but it did not help with the problem! A reboot did not help either. I changed every password for the system. One mailbox was relaying mail, and I even tested my server with several online relay testers and the result was "passed". So I had no choice but to delete the whole account. After that the system still tried to send spam to "@korea.com" addresses. After the account removal the SMTP server denied these sends because the mail account I had deleted no longer existed, and reported "We do not relay non local mail - sorry", as it should. But now something has changed and the core process window is showing several mails "Notification discarded - Potential loop." for the account that I had deleted. My virus scanner found nothing and the spyware checkers also found nothing. There are no extra processes running, according to the procexp software. I have Mercury 4.51. Am I missing something or is there a misconfiguration?

Does anyone have the same problem? Is this possibly a new kind of virus, determined to hijack Mercury and send spam mails? It looks like it is sending mail from a local account but it comes from an outside IP. Here is a piece of the log of the spamming:

T 20070813 193256 46a5b72c Connection from 221.148.54.239
T 20070813 193257 46a5b72c HELO sfvxoghs.net
T 20070813 193257 46a5b72c MAIL From: <admin@\\censored domain name here//.net>
T 20070813 193258 46a5b72c RCPT TO: <3one@korea.com>
T 20070813 193258 46a5b72c RCPT TO: <3two1@korea.com>
T 20070813 193258 46a5b72c RCPT TO: <3pero@korea.com>
T 20070813 193259 46a5b72c RCPT TO: <3pocaptain@korea.com>
T 20070813 193259 46a5b72c RCPT TO: <3rdpress@korea.com>
T 20070813 193300 46a5b72c DATA - 19 lines, 790 bytes.
T 20070813 193300 46a5b72c QUIT
 


[quote user="Toitsu"]

Yesterday I found out that my Mercury was sending relay mails using one of the accounts. The account was my administration account and I am the only one who knows the account's password. I changed the password but it did not help with the problem! A reboot did not help either. I changed every password for the system. One mailbox was relaying mail, and I even tested my server with several online relay testers and the result was "passed". So I had no choice but to delete the whole account. After that the system still tried to send spam to "@korea.com" addresses. After the account removal the SMTP server denied these sends because the mail account I had deleted no longer existed, and reported "We do not relay non local mail - sorry", as it should. But now something has changed and the core process window is showing several mails "Notification discarded - Potential loop." for the account that I had deleted. My virus scanner found nothing and the spyware checkers also found nothing. There are no extra processes running, according to the procexp software. I have Mercury 4.51. Am I missing something or is there a misconfiguration?

Does anyone have the same problem? Is this possibly a new kind of virus, determined to hijack Mercury and send spam mails? It looks like it is sending mail from a local account but it comes from an outside IP. Here is a piece of the log of the spamming:

T 20070813 193256 46a5b72c Connection from 221.148.54.239
T 20070813 193257 46a5b72c HELO sfvxoghs.net
T 20070813 193257 46a5b72c MAIL From: <admin@\\censored domain name here//.net>
T 20070813 193258 46a5b72c RCPT TO: <3one@korea.com>
T 20070813 193258 46a5b72c RCPT TO: <3two1@korea.com>
T 20070813 193258 46a5b72c RCPT TO: <3pero@korea.com>
T 20070813 193259 46a5b72c RCPT TO: <3pocaptain@korea.com>
T 20070813 193259 46a5b72c RCPT TO: <3rdpress@korea.com>
T 20070813 193300 46a5b72c DATA - 19 lines, 790 bytes.
T 20070813 193300 46a5b72c QUIT
 

[/quote]

 

Sounds to me like you have not turned off relaying and turned on strict in the MercuryS setup. Use Configuration | MercuryS, select the "Connection control" tab and verify you have selected the first two options to turn off relaying.

 

 


[quote user="Thomas R. Stephenson"] 

Sounds to me like you have not turned off relaying and turned on strict in the MercuryS setup. Use Configuration | MercuryS, select the "Connection control" tab and verify you have selected the first two options to turn off relaying.

 

 [/quote]

 

Nope. In MercuryS setup, on the Connection control tab, "Do not permit SMTP relaying of non-local mail" is checked and "Use strict local relaying restrictions" is not checked. As I wrote earlier, online relay testers could not use my server as a relay server. Also, I have never seen it relaying before. (I check the logs on an almost daily basis.)


[quote user="Toitsu"]In MercuryS setup, at connection control tab, "Do not permit SMTP relaying of non-local mail" is checked and "Use strict local relaying restrictions" is not checked.[/quote]

As Thomas has said, *both* of these need to be checked to stop Mercury relaying.

The help is explicit:

[quote]In normal anti-relaying mode, Mercury will accept mail for delivery if either the recipient or the originator has a local e-mail address. If neither address is local, Mercury will compare the IP address of the connecting host to its connection control list (see above): if it finds an "allow" entry in that list that explicitly includes the connecting machine, then it will accept the mail, otherwise it will be failed with a diagnostic like "553 - We do not relay...".

In strict anti-relaying mode, Mercury follows the normal rules described above, but if the "From" address appears to be local, then Mercury will search the connection control list and will only accept the mail if an "allow" entry appears that explicitly permits the connecting host. [/quote]
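
The two modes described in the help text, applied to a session like the one in the log above; this is an added example, not part of the thread and not Mercury's own code. The local domain `example.net`, the allow list, and the treatment of local recipients as always deliverable are assumptions.

```python
import ipaddress
import re

# Constructed stand-ins: the thread censors the real local domain, and this
# allow list is hypothetical.
LOCAL_DOMAINS = {"example.net"}
ALLOW_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Session shaped like the MercuryS log in the thread, local domain replaced.
SAMPLE_LOG = """\
T 20070813 193256 46a5b72c Connection from 221.148.54.239
T 20070813 193257 46a5b72c HELO sfvxoghs.net
T 20070813 193257 46a5b72c MAIL From: <admin@example.net>
T 20070813 193258 46a5b72c RCPT TO: <3one@korea.com>
T 20070813 193258 46a5b72c RCPT TO: <3two1@korea.com>
T 20070813 193300 46a5b72c DATA - 19 lines, 790 bytes.
T 20070813 193300 46a5b72c QUIT
"""

def parse_session(log):
    """Extract connecting IP, envelope sender and recipients from one session."""
    ip = re.search(r"Connection from (\S+)", log).group(1)
    sender = re.search(r"MAIL From: <([^>]*)>", log, re.I).group(1)
    rcpts = re.findall(r"RCPT TO: <([^>]*)>", log, re.I)
    return ip, sender, rcpts

def is_local(addr):
    return addr.rpartition("@")[2].lower() in LOCAL_DOMAINS

def host_allowed(ip):
    return any(ipaddress.ip_address(ip) in net for net in ALLOW_NETS)

def accepts(ip, sender, rcpt, strict):
    """Relay decision for one recipient, modelled on the quoted help text."""
    if is_local(rcpt):
        return True              # assumption: local delivery is never relaying
    if is_local(sender) and not strict:
        return True              # normal mode: a local-looking From is enough
    return host_allowed(ip)      # otherwise the allow list decides (else 553)

def relayed(log, strict):
    """Recipients that would be accepted for the session in `log`."""
    ip, sender, rcpts = parse_session(log)
    return [r for r in rcpts if accepts(ip, sender, r, strict)]
```

In normal mode the envelope sender is only compared against the local domains, not verified, which is why changing or deleting the mailbox password had no effect on the sessions in the log.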

 


Okay, yes, now I get it. But if I enable strict rules, I need to specify rules so that I can use mail clients from e.g. work, home? But one really should know some mailbox password to be able to use Mercury as a relay, if only "Do not permit SMTP relay" is enabled?


If you have static IP addresses you can enter them as 'allow' entries in the connection control. Otherwise, and probably simpler, is to enable authentication by checking the third checkbox. Then you can relay from any location so long as you supply the correct username/password.

(Make sure you apply the latest security fix for whichever version you run.)


[quote user="PaulW"]

If you have static IP addresses you can enter them as 'allow' entries in the connection control. Otherwise, and probably simpler, is to enable authentication by checking the third checkbox. Then you can relay from any location so long as you supply the correct username/password.

(Make sure you apply the latest security fix for whichever version you run.)

[/quote]

Ok, thank you, now it is better. I have also encountered a new problem and I believe it is related to the earlier problem. For some reason, Mercury starts to send mails as empty. There is no from address, no message and no subject. It does this when I send mail; it does not send anything automatically, but when I write an email and send it, it arrives at the other mailbox empty. When I restart Mercury it works fine for a few days. What is happening? Does some buffer fill up, or what?
 


Can you show an example of what you mean, and have you updated to the latest version?
