In the /var/log/maillog file what is the difference between these 2 entries
(vchkpw-submission, vchkpw-smtp)?
example:
Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission: (PLAIN) login
success t...@domain.com:64.185.3.238
Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp: (PLAIN) log
Dear Customer,
We have received your e-mail and thank you for it. Our staff
will handle it as quickly as possible.
Please note: this is an automatic reply. You therefore cannot
reply to it.
Yours faithfully,
BNP Paribas Fortis SA
T :
vchkpw-submission is on port 587, and is typically used for email clients
relaying mail. It's often set up to require authentication.
vchkpw-smtp is on port 25, and can be used for email clients to relay mail, or
by other servers delivering mail to your server.
-Tom
On Mar 4, 2014, at 9:41 PM
Thanks for the reply.
NOTE: None of my users will have sent anything from outside the US.
I've got some log entries for vchkpw-submission (marked as successful in the
log) with non-US IPs (Russia, Egypt, Hong Kong, etc.). In my analysis I'm
marking those entries as hacked accounts.
From what I
The submission entries outside the US could very well be from hacked accounts.
I'm finding a surprising number of compromised accounts (once a week?),
including users with good passwords, so I have to assume they're snooped on
public wireless, or their computers are compromised by malware of som
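
The log review discussed in this thread, as an added example (not code from any poster): it parses the `login success` line format quoted above and lists accounts with successful logins from outside an expected set of networks. The allowlist is an assumption standing in for a GeoIP country lookup, and the hostnames, users and addresses in the sample log are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Success format as quoted in the thread (IPv4 only):
#   vpopmail[PID]: vchkpw-<service>: (<AUTH>) login success <user>:<ip>
LINE_RE = re.compile(
    r"vpopmail\[\d+\]: vchkpw-(?P<service>[\w-]+): \((?P<auth>[^)]+)\) "
    r"login success (?P<user>\S+):(?P<ip>[\d.]+)\s*$"
)

# Assumption: networks your users are expected to log in from.
# A real deployment would replace this with a GeoIP country lookup.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Mar  4 17:27:03 mx1 vpopmail[14701]: vchkpw-submission: (PLAIN) login success alice@example.com:192.0.2.10
Mar  4 17:31:40 mx1 vpopmail[14822]: vchkpw-submission: (PLAIN) login success bob@example.com:203.0.113.7
Mar  4 17:32:05 mx1 qmail: 1393975925.101 status: local 0/10 remote 0/20
Mar  4 17:40:12 mx1 vpopmail[15010]: vchkpw-smtp: (PLAIN) login success bob@example.com:198.51.100.23
Mar  4 17:44:59 mx1 vpopmail[15102]: vchkpw-smtp: (PLAIN) login success carol@example.com:192.0.2.44
"""


def parse_line(line):
    """Return (service, auth, user, ip) for a login-success line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # digits and dots that are not a valid address
        return None
    return m["service"], m["auth"], m["user"], ip


def suspicious_logins(lines, expected_nets=EXPECTED_NETS):
    """Map each user to the (service, ip) pairs seen outside expected_nets."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a vchkpw login-success line
        service, _auth, user, ip = rec
        if not any(ip in net for net in expected_nets):
            hits[user].add((service, str(ip)))
    return {user: sorted(pairs) for user, pairs in hits.items()}


if __name__ == "__main__":
    for user, pairs in suspicious_logins(SAMPLE_LOG.splitlines()).items():
        print(user, pairs)
```

A hit is a lead for review (password reset, checking what was sent), not proof of compromise, since a legitimate user may be travelling or on a VPN.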