yes ,you are right ,thank you very much
i see the log in mysql log like this
2851 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp: password
fail (pass: '12345') webmast... 1168331134 3
2852 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168342700 3
2853 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168342708 3
2854 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168344724 3
2855 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168344732 3
2856 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168346732 3
2857 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168346745 3
2858 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168348947 3
2859 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168348956 3
2860 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168351121 3
2861 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168351130 3
2862 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168353178 3
2863 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168353187 3
2864 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168355243 3
2865 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168355251 3
2866 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168357372 3
2867 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168357381 3
2868 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 1168359395 3
2869 webmaster 12345 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '12345') webmast... 1168359404 3
2870 webmaster 123456 sve-tech.com webmaster 59.40.27.78 vchkpw-smtp:
password fail (pass: '123456') webmas... 11683612
now i change the passwd of webmaster ,i think the problem will be OK now
----- Original Message -----
From: "Matthew Walker" <[EMAIL PROTECTED]>
To: <toaster@shupp.org>
Sent: Wednesday, January 10, 2007 12:13 AM
Subject: Re: [toaster] Problem with an open relay
>
> On Tue, January 9, 2007 4:44 am, [EMAIL PROTECTED] wrote:
>> but we see message header ,we can see any valid username ,but we see the
>> From HEADER is ""168.1.49.97dgrrtgr" <>" and no [EMAIL PROTECTED]"""""
>>
>>
>> Return-Path: <>
>> Received: (qmail 10514 invoked by uid 89); 8 Jan 2007 01:04:33 -0000
>> Received: by simscan 1.2.0 ppid: 10447, pid: 10511, t: 0.2801s
>> scanners: attach: 1.2.0 clamav: 0.88.7/m:41/d:2352
>> Received: from unknown (HELO winxp) ([EMAIL PROTECTED])
>> by 0 with ESMTPA; 8 Jan 2007 01:04:33 -0000
>> From: "168.1.49.97dgrrtgr" <>
>> Subject: =?GB2312?B?yeixuM6s0N653MDt?=
>> To: [EMAIL PROTECTED]
>> Content-Type: text/plain
>> MIME-Version: 1.0
>> Content-Transfer-Encoding: base64
>> Date: Mon, 8 Jan 2007 09:08:40 +0800
>>
>
> Headers are NOT reliable. Once a client has authenticated with a valid
> username and password, they can say whatever they want about who they are
> for the rest of the conversation.
>
> Seriously, you have a compromised account, or a user who is intentionally
> spamming through your server. Shut them down.
>
> --
> Matthew Walker
> Kydance Hosting & Consulting
> LAMP Specialist
>
