• Status: Solved

Is our Exchange Server compromised?

Hello - I'm back to work to try to get our in-house email working again now that I have some free time on my hands (it stopped working since we switched from ISA to a SonicWall). The first thing I have done is to turn on logging for SMTP to try and diagnose the problem. I can clearly see my test messages attempting to be sent out, even though they aren't making it.

HOWEVER...

While perusing through the logs, I noticed one entry set that looked bizarre compared to the rest. Please see the code snippet.

It looks as if someone is using our server to send email? I did a trace route and found the IP to reside somewhere in Taiwan!

Can anyone verify this correctly? And if so, what should I do?

Thanks,
R1Andy
2008-11-18 22:18:20 118.168.115.183 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 39 19 0 SMTP - - - -
2008-11-18 22:18:20 118.168.115.183 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<ttc585ttc585@yahoo.com.tw> 250 0 50 38 0 SMTP - - - -
2008-11-18 22:18:25 118.168.115.183 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<adh39swn@yahoo.com.tw> 550 0 0 32 5016 SMTP - - - -
2008-11-18 22:18:28 118.168.115.183 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 8312 53 32 7531 SMTP - - - -

 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Use www.mxtoolbox.com to test your setup. Put your ISP IP into the box and see what it tells you.
If you have an Open Relay warning, rerun the CEICW --> SBS Console --> To Do --> Connect to the Internet.
What did you do to uninstall ISA? Did you also remove the second NIC?
Philip
0
 
R1Andy (Author) Commented:
Yes, I disabled one of the NICs. mxtoolbox.com does not yield any helpful information regarding the MX records:

No MX records found for rain1.com

DNS Host: Unknown
Email Host: Unknown

-----------------

I did a test from http://vger.kernel.org/mxverify.html and got the following:

MX-VERIFY-CGI run for ``andy@rain1.com''

Doing resolver lookup for T=MX domain=``rain1.com''
Questionable: NO MX DATA: domain=``rain1.com'' We SIMULATE!
Do have at least one MX entry added!

Testing MX server: rain1.com

Address lookup did yield following ones:

  IPv4 67.15.32.226

Testing server at address: IPv4 67.15.32.226

ERROR: Connect failure reason: Connection refused

(Still possibly all OK!)

--------------

I would like to get this issue resolved, but shouldn't I be more worried whether or not an intruder is using our server for malicious purposes?
0
 
R1Andy (Author) Commented:
Update: I have GoDaddy forcing the MX records, which should update within 24 hours. I will test again then. However, I am still getting unusual log entries in the SMTP logs. Can anyone please tell me why it looks like our server is being used to relay mail?
2008-11-20 05:55:26 124.11.185.118 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 38 19 0 SMTP - - - -
2008-11-20 05:55:26 124.11.185.118 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<alice-691209@gmail.com> 250 0 47 35 0 SMTP - - - -
2008-11-20 05:55:32 124.11.185.118 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<ericoom@gmail.com> 550 0 0 28 5000 SMTP - - - -
2008-11-20 05:55:32 124.11.185.118 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 6063 49 28 5250 SMTP - - - -
 
--------------------------------------------------
 
2008-11-20 16:16:24 118.167.129.211 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 39 19 0 SMTP - - - -
2008-11-20 16:16:24 118.167.129.211 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<support@microsoft.com> 250 0 46 34 0 SMTP - - - -
2008-11-20 16:16:29 118.167.129.211 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<support@microsoft.com> 550 0 0 32 5016 SMTP - - - -
2008-11-20 16:16:29 118.167.129.211 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 6484 53 32 5375 SMTP - - - -
 
--------------------------------------------------------
 
The above two log entries were in between hundreds of the following entries:
 
2008-11-20 17:32:31 65.54.245.8 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 421+Cannot+connect+to+SMTP+server+65.54.245.8+(65.54.245.8:25),+connect+error+10061 0 0 83 0 1172 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 220+bay0-mc1-f15.bay0.hotmail.com+Sending+unsolicited+commercial+or+bulk+e-mail+to+Microsoft's+computer+network+is+prohibited.+Other+restrictions+are+found+at+http://privacy.msn.com/Anti-spam/.+Violations+will+result+in+use+of+equipment+located+in+California+and+other+states.+Thu,+20+Nov+2008+09:32:33+-0800+ 0 0 309 0 1453 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO - rain1.com 0 0 4 0 1453 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250-bay0-mc1-f15.bay0.hotmail.com+(3.7.0.89)+Hello+[216.215.250.42] 0 0 67 0 1672 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL - FROM:<Andrew@rain1.com>+SIZE=2486 0 0 4 0 1672 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+Andrew@rain1.com....Sender+OK 0 0 33 0 1890 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<savage909@hotmail.com> 0 0 4 0 1890 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+savage909@hotmail.com+ 0 0 26 0 2140 SMTP - - - -
2008-11-20 17:32:33 65.54.244.8 OutboundConnectionCommand SMTPSVC1 SERVER - 25 BDAT - 2486+LAST 0 0 4 0 2140 SMTP - - - -


0
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
When you used the www.mxtoolbox.com utility, did you do an RBL check? That is, verifying your server's IP against any existing black lists?
Philip
0
 
R1Andy (Author) Commented:
I just tried and it didn't say either way. The screen refreshed, but there was no status text. Maybe it's down, I'll try again later.
0
 
R1Andy (Author) Commented:
OK, godaddy.com fixed the MX record and the emails are sending/receiving correctly. So that just leaves my original question about whether or not our server has been compromised?
0
 
R1Andy (Author) Commented:
<BUMP> Now that our email is fully working again, I am seeing a lot of stuff in the SMTP logs that looks like it is not coming from anyone in our office (or to anyone). In fact, I also saw a log entry that had david@rain1.com, which we don't have either (we have a dave@rain1.com though).

Due to the lack of response, I am going to assume one of two things:

1) The answer is too obvious, and I am stupid for asking

or

2) The experts at Experts Exchange have no clue?

Anyone, please a response would be greatly appreciated. I'm not stingy with points ;)
0
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Been sick the last two weeks.
Reverse NDR attack and fix:
http://blog.mpecsinc.ca/2008/02/smtp-server-remote-queue-length-alert.html
While you are at it, Exchange Greylisting:
http://blog.mpecsinc.ca/2007/08/sbs-exchange-email-spam-issue-error.html
Philip
0
 
R1Andy (Author) Commented:
Thanks for the response Philip! :) I'm not sure that is exactly what we are experiencing, as we have no "Bad Emails" in the Exchange server folder that are waiting to be sent, nor NDR reports filling up the Exchange queue. It just looks as if someone is using our server to send and possibly receive emails.

Is this possible? Or is the code I pasted just stating an attempt to deliver to an email that is not hosted on our server?

Pasted below are some of today's entries:
These are the entries in question:
 
2008-12-02 00:12:37 81.21.76.13 cp02.donhost.co.uk SMTPSVC1 SERVER 192.168.16.2 0 HELO - +cp02.donhost.co.uk 250 0 35 23 0 SMTP - - - -
2008-12-02 00:12:37 81.21.76.13 cp02.donhost.co.uk SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<newsletter@ofidpost.info> 250 0 49 36 15 SMTP - - - -
2008-12-02 00:12:42 81.21.76.13 cp02.donhost.co.uk SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5016 SMTP - - - -
2008-12-02 00:12:42 81.21.76.13 cp02.donhost.co.uk SMTPSVC1 SERVER 192.168.16.2 0 QUIT - cp02.donhost.co.uk 240 5500 58 4 0 SMTP - - - -
2008-12-02 00:15:01 189.106.149.232 189106149232.user.veloxzone.com.br SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +189106149232.user.veloxzone.com.br 250 0 304 39 0 SMTP - - - -
2008-12-02 00:15:01 189.106.149.232 189106149232.user.veloxzone.com.br SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<spirosk@fiiqmx.net> 250 0 43 31 0 SMTP - - - -
2008-12-02 00:15:06 189.106.149.232 189106149232.user.veloxzone.com.br SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5000 SMTP - - - -
2008-12-02 00:15:06 189.106.149.232 189106149232.user.veloxzone.com.br SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 00:15:11 189.106.149.232 189106149232.user.veloxzone.com.br SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 189106149232.user.veloxzone.com.br 240 19437 58 4 0 SMTP - - - -
2008-12-02 00:39:30 63.226.35.152 value-smtp.infusionsoft.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +value-smtp.infusionsoft.com 250 0 302 32 0 SMTP - - - -
2008-12-02 00:39:30 63.226.35.152 value-smtp.infusionsoft.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<bounce@infusionmail.com> 250 0 48 45 0 SMTP - - - -
2008-12-02 00:39:35 63.226.35.152 value-smtp.infusionsoft.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 00:39:35 63.226.35.152 value-smtp.infusionsoft.com SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 00:39:40 63.226.35.152 value-smtp.infusionsoft.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - value-smtp.infusionsoft.com 240 10234 58 4 0 SMTP - - - -
2008-12-02 01:17:29 12.35.238.133 mail.kirusa.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +mail.kirusa.com 250 0 302 20 0 SMTP - - - -
2008-12-02 01:17:29 12.35.238.133 mail.kirusa.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<newsletter-bounces@kirusa.com> 250 0 54 62 0 SMTP - - - -
2008-12-02 01:17:34 12.35.238.133 mail.kirusa.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5015 SMTP - - - -
2008-12-02 01:17:34 12.35.238.133 mail.kirusa.com SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 01:17:39 12.35.238.133 mail.kirusa.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mail.kirusa.com 240 10157 58 4 0 SMTP - - - -
2008-12-02 02:16:27 85.250.154.248 w1922 SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +w1922 250 0 303 10 0 SMTP - - - -
2008-12-02 02:16:28 85.250.154.248 w1922 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<sixpenceri63@infonie.fr> 250 0 48 35 0 SMTP - - - -
2008-12-02 02:16:33 85.250.154.248 w1922 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<avid@rain1.com> 550 0 0 25 5016 SMTP - - - -
2008-12-02 02:16:33 85.250.154.248 w1922 SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 02:16:39 85.250.154.248 w1922 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - w1922 240 12734 58 4 0 SMTP - - - -
2008-12-02 03:00:12 209.85.198.216 rv-out-0304.google.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +rv-out-0304.google.com 250 0 303 27 0 SMTP - - - -
2008-12-02 03:00:12 209.85.198.216 rv-out-0304.google.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<3u6Q0SRQKBd0FNNFKD9KDQSR-MNQDOKXFNNFKD.BNLC9UHCQ9HMa.BNL@alerts.bounces.google.com> 250 0 107 94 0 SMTP - - - -
2008-12-02 03:00:17 209.85.198.216 rv-out-0304.google.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5015 SMTP - - - -
2008-12-02 03:00:17 209.85.198.216 rv-out-0304.google.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - rv-out-0304.google.com 240 5344 58 4 0 SMTP - - - -
2008-12-02 03:27:03 120.8.6.36 localhost SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +localhost 250 0 299 14 0 SMTP - - - -
2008-12-02 03:27:03 120.8.6.36 localhost SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<shihs@correo1.com> 250 0 42 30 15 SMTP - - - -
2008-12-02 03:27:08 120.8.6.36 localhost SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5000 SMTP - - - -
2008-12-02 03:27:08 120.8.6.36 localhost SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 03:27:13 120.8.6.36 localhost SMTPSVC1 SERVER 192.168.16.2 0 QUIT - localhost 240 11016 58 4 0 SMTP - - - -
2008-12-02 03:38:56 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +black.jangomail.com 250 0 300 24 0 SMTP - - - -
2008-12-02 03:38:56 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<cashonlineusa@jangomail.com> 250 0 52 40 16 SMTP - - - -
2008-12-02 03:39:01 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<tony@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 03:39:01 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - black.jangomail.com 240 5547 58 4 0 SMTP - - - -
2008-12-02 04:11:55 78.48.55.56 tizsjvn.alicedsl.de SMTPSVC1 SERVER 192.168.16.2 0 HELO - +tizsjvn.alicedsl.de 250 0 35 24 0 SMTP - - - -
2008-12-02 04:11:55 78.48.55.56 tizsjvn.alicedsl.de SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<apprehensive@casal.net.ar> 250 0 50 38 0 SMTP - - - -
2008-12-02 04:12:01 78.48.55.56 tizsjvn.alicedsl.de SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<tchisholm@rain1.com> 550 0 0 30 5016 SMTP - - - -
2008-12-02 04:12:01 78.48.55.56 tizsjvn.alicedsl.de SMTPSVC1 SERVER 192.168.16.2 0 QUIT - tizsjvn.alicedsl.de 240 7250 24 30 5375 SMTP - - - -
2008-12-02 05:04:49 124.11.188.88 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 37 19 0 SMTP - - - -
2008-12-02 05:04:49 124.11.188.88 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<alice-691209@gmail.com> 250 0 47 35 0 SMTP - - - -
2008-12-02 05:04:55 124.11.188.88 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<ericoom@gmail.com> 550 0 0 28 5016 SMTP - - - -
2008-12-02 05:04:55 124.11.188.88 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 6062 49 28 5297 SMTP - - - -
2008-12-02 05:05:26 199.9.29.3 mta4.absoluteserviceandsmiles.net SMTPSVC1 SERVER 192.168.16.2 0 HELO - +mta4.absoluteserviceandsmiles.net 250 0 34 38 0 SMTP - - - -
2008-12-02 05:05:26 199.9.29.3 mta4.absoluteserviceandsmiles.net SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<name@absoluteserviceandsmiles.net> 250 0 58 46 0 SMTP - - - -
2008-12-02 05:05:31 199.9.29.3 mta4.absoluteserviceandsmiles.net SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5016 SMTP - - - -
2008-12-02 05:05:31 199.9.29.3 mta4.absoluteserviceandsmiles.net SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mta4.absoluteserviceandsmiles.net 240 5328 58 4 0 SMTP - - - -
2008-12-02 05:58:02 67.212.131.131 mx1.hbsslaw.net SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +mx1.hbsslaw.net 250 0 303 20 0 SMTP - - - -
2008-12-02 05:58:02 67.212.131.131 mx1.hbsslaw.net SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<classnoticeadmin_9520DFBAA4928F20F1F479373CA6FF8A@hbsslaw.net> 250 0 86 87 16 SMTP - - - -
2008-12-02 05:58:07 67.212.131.131 mx1.hbsslaw.net SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 05:58:07 67.212.131.131 mx1.hbsslaw.net SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mx1.hbsslaw.net 240 5609 58 4 0 SMTP - - - -
2008-12-02 07:50:27 118.169.212.47 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 38 19 0 SMTP - - - -
2008-12-02 07:50:27 118.169.212.47 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<tewre.erwe@msa.hinet.net> 250 0 49 37 16 SMTP - - - -
2008-12-02 07:50:33 118.169.212.47 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<ericoom@gmail.com> 550 0 0 28 5000 SMTP - - - -
2008-12-02 07:50:33 118.169.212.47 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 6063 49 28 5250 SMTP - - - -
2008-12-02 08:21:53 118.169.212.42 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 38 19 0 SMTP - - - -
2008-12-02 08:21:53 118.169.212.42 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<bonnlee@gmail.com> 250 0 42 30 0 SMTP - - - -
2008-12-02 08:21:58 118.169.212.42 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<ericoom@gmail.com> 550 0 0 28 5000 SMTP - - - -
2008-12-02 08:21:58 118.169.212.42 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 6125 49 28 5281 SMTP - - - -
2008-12-02 09:24:57 123.236.73.40 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 37 19 0 SMTP - - - -
2008-12-02 09:24:57 123.236.73.40 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<TheEquivalents9626@acrometrix.com> 250 0 58 46 0 SMTP - - - -
2008-12-02 09:25:04 123.236.73.40 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<rain@rain1.com> 550 0 0 25 5031 SMTP - - - -
2008-12-02 09:25:04 123.236.73.40 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 8312 58 4 0 SMTP - - - -
2008-12-02 09:36:01 66.90.92.110 supermarketsurvey.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +supermarketsurvey.com 250 0 301 26 0 SMTP - - - -
2008-12-02 09:36:01 66.90.92.110 supermarketsurvey.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<return@supermarketsurvey.com> 250 0 53 50 0 SMTP - - - -
2008-12-02 09:36:06 66.90.92.110 supermarketsurvey.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<tony@rain1.com> 550 0 0 24 5031 SMTP - - - -
2008-12-02 09:36:06 66.90.92.110 supermarketsurvey.com SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 09:36:11 66.90.92.110 supermarketsurvey.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - supermarketsurvey.com 240 10125 58 4 0 SMTP - - - -
2008-12-02 09:52:59 216.22.55.79 hattrickhatcher.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +hattrickhatcher.com 250 0 301 24 0 SMTP - - - -
2008-12-02 09:52:59 216.22.55.79 hattrickhatcher.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<return@italianarrosto.com> 250 0 50 47 0 SMTP - - - -
2008-12-02 09:53:04 216.22.55.79 hattrickhatcher.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<tony@rain1.com> 550 0 0 24 5016 SMTP - - - -
2008-12-02 09:53:04 216.22.55.79 hattrickhatcher.com SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 09:53:09 216.22.55.79 hattrickhatcher.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - hattrickhatcher.com 240 10188 58 4 0 SMTP - - - -
2008-12-02 10:02:08 82.49.212.243 sfufq.telecomitalia.it SMTPSVC1 SERVER 192.168.16.2 0 HELO - +sfufq.telecomitalia.it 250 0 37 27 0 SMTP - - - -
2008-12-02 10:02:08 82.49.212.243 sfufq.telecomitalia.it SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<splinting@em-company.de> 250 0 48 36 0 SMTP - - - -
2008-12-02 10:02:15 82.49.212.243 sfufq.telecomitalia.it SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<tchisholm@rain1.com> 550 0 0 30 5016 SMTP - - - -
2008-12-02 10:02:15 82.49.212.243 sfufq.telecomitalia.it SMTPSVC1 SERVER 192.168.16.2 0 QUIT - sfufq.telecomitalia.it 240 7281 24 30 5484 SMTP - - - -
2008-12-02 10:08:45 124.11.190.65 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +216.215.250.42 250 0 37 19 0 SMTP - - - -
2008-12-02 10:08:45 124.11.190.65 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<all9988@gmail.com> 250 0 42 30 0 SMTP - - - -
2008-12-02 10:08:51 124.11.190.65 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<ericoom@gmail.com> 550 0 0 28 5000 SMTP - - - -
2008-12-02 10:08:51 124.11.190.65 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 216.215.250.42 240 5969 49 28 5234 SMTP - - - -
2008-12-02 10:09:13 58.9.109.34 nzn-4c6dcc5cb92 SMTPSVC1 SERVER 192.168.16.2 0 HELO - +nzn-4c6dcc5cb92 250 0 35 20 0 SMTP - - - -
2008-12-02 10:09:13 58.9.109.34 nzn-4c6dcc5cb92 SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<rios@wattson.com> 250 0 41 28 0 SMTP - - - -
2008-12-02 10:09:19 58.9.109.34 nzn-4c6dcc5cb92 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 10:09:19 58.9.109.34 nzn-4c6dcc5cb92 SMTPSVC1 SERVER 192.168.16.2 0 QUIT - nzn-4c6dcc5cb92 240 6656 58 4 0 SMTP - - - -
2008-12-02 10:30:30 124.120.68.5 microsof-ffd96b SMTPSVC1 SERVER 192.168.16.2 0 HELO - +microsof-ffd96b 250 0 36 20 0 SMTP - - - -
2008-12-02 10:30:30 124.120.68.5 microsof-ffd96b SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<theresaburles@btinternet.com> 250 0 53 40 0 SMTP - - - -
2008-12-02 10:30:36 124.120.68.5 microsof-ffd96b SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5016 SMTP - - - -
2008-12-02 10:30:36 124.120.68.5 microsof-ffd96b SMTPSVC1 SERVER 192.168.16.2 0 QUIT - microsof-ffd96b 240 6609 58 4 0 SMTP - - - -
2008-12-02 11:50:27 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +200-163-17-47.bsace705.e.brasiltelecom.net.br 250 0 302 50 0 SMTP - - - -
2008-12-02 11:50:27 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<adulterantsgrh@lbti.com> 250 0 48 36 16 SMTP - - - -
2008-12-02 11:50:32 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<avid@rain1.com> 550 0 0 25 5031 SMTP - - - -
2008-12-02 11:50:32 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 11:50:38 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<adulterantsgrh@lbti.com> 250 0 48 36 0 SMTP - - - -
2008-12-02 11:50:43 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<avid@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 11:50:43 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 11:50:53 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<disinherited22@norelli.com> 503 0 0 39 5000 SMTP - - - -
2008-12-02 11:50:58 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<avid@rain1.com> 550 0 0 25 5031 SMTP - - - -
2008-12-02 11:50:58 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 11:51:03 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<adulterantsgrh@lbti.com> 250 0 48 36 0 SMTP - - - -
2008-12-02 11:51:08 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<avid@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 11:51:08 200.163.17.47 200-163-17-47.bsace705.e.brasiltelecom.net.br SMTPSVC1 SERVER 192.168.16.2 0 QUIT - 200-163-17-47.bsace705.e.brasiltelecom.net.br 240 41062 0 25 5000 SMTP - - - -
2008-12-02 11:55:07 209.249.101.182 web182.WildernessSince.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +web182.WildernessSince.com 250 0 304 31 0 SMTP - - - -
2008-12-02 11:55:07 209.249.101.182 web182.WildernessSince.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<429.4.63029120-1228101@WildernessSince.com> 250 0 67 54 0 SMTP - - - -
2008-12-02 11:55:12 209.249.101.182 web182.WildernessSince.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<tony@rain1.com> 550 0 0 24 5016 SMTP - - - -
2008-12-02 11:55:12 209.249.101.182 web182.WildernessSince.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - web182.WildernessSince.com 240 5406 58 4 0 SMTP - - - -
2008-12-02 12:14:41 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +black.jangomail.com 250 0 300 24 0 SMTP - - - -
2008-12-02 12:14:41 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<drivingleads@jangomail.com> 250 0 51 39 0 SMTP - - - -
2008-12-02 12:14:47 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<tony@rain1.com> 550 0 0 25 5000 SMTP - - - -
2008-12-02 12:14:47 38.192.4.46 black.jangomail.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - black.jangomail.com 240 5484 58 4 0 SMTP - - - -
2008-12-02 13:15:14 114.44.131.249 mlbrlaw.com SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +mlbrlaw.com 250 0 303 16 0 SMTP - - - -
2008-12-02 13:15:42 114.44.131.249 mlbrlaw.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mlbrlaw.com 240 30328 76 10 5719 SMTP - - - -
2008-12-02 13:57:39 198.145.47.115 mail115.theshopperssite.com SMTPSVC1 SERVER 192.168.16.2 0 HELO - +mail115.theshopperssite.com 250 0 38 32 0 SMTP - - - -
2008-12-02 13:57:39 198.145.47.115 mail115.theshopperssite.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<n.7651.27977099@theshopperssite.com> 250 0 60 48 0 SMTP - - - -
2008-12-02 13:57:44 198.145.47.115 mail115.theshopperssite.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<rain@rain1.com> 550 0 0 25 5016 SMTP - - - -
2008-12-02 13:57:44 198.145.47.115 mail115.theshopperssite.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mail115.theshopperssite.com 240 5328 58 4 0 SMTP - - - -
2008-12-02 14:07:38 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 EHLO - +localhost 250 0 303 14 0 SMTP - - - -
2008-12-02 14:07:38 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<derogationjfk4@summitgolfclub.com> 250 0 58 46 0 SMTP - - - -
2008-12-02 14:07:44 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5015 SMTP - - - -
2008-12-02 14:07:44 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 14:07:49 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<derogationjfk4@summitgolfclub.com> 250 0 58 46 0 SMTP - - - -
2008-12-02 14:07:54 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5000 SMTP - - - -
2008-12-02 14:07:54 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 14:08:04 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<thirsting2@michigansportnews.net> 503 0 0 45 5000 SMTP - - - -
2008-12-02 14:08:09 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5000 SMTP - - - -
2008-12-02 14:08:09 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 DATA - - 503 0 0 4 0 SMTP - - - -
2008-12-02 14:08:14 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<derogationjfk4@summitgolfclub.com> 250 0 58 46 0 SMTP - - - -
2008-12-02 14:08:19 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5000 SMTP - - - -
2008-12-02 14:08:19 222.252.207.10 localhost SMTPSVC1 SERVER 192.168.16.2 0 QUIT - localhost 240 41390 0 26 5000 SMTP - - - -
2008-12-02 14:47:56 212.179.69.1 cvbtbc.bezeqint.net SMTPSVC1 SERVER 192.168.16.2 0 HELO - +cvbtbc.bezeqint.net 250 0 36 24 0 SMTP - - - -
2008-12-02 14:47:56 212.179.69.1 cvbtbc.bezeqint.net SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<technologize@gdyunhua.com> 250 0 50 38 0 SMTP - - - -
2008-12-02 14:48:01 212.179.69.1 cvbtbc.bezeqint.net SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<tchisholm@rain1.com> 550 0 0 30 5016 SMTP - - - -
2008-12-02 14:48:01 212.179.69.1 cvbtbc.bezeqint.net SMTPSVC1 SERVER 192.168.16.2 0 QUIT - cvbtbc.bezeqint.net 240 5828 24 30 5219 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 221+rrcs-mgw-04.hrndva.rr.com 0 0 29 0 954 SMTP - - - -
2008-12-02 15:26:05 209.162.184.170 mailer.dmxzone.com SMTPSVC1 SERVER 192.168.16.2 0 HELO - +mailer.dmxzone.com 250 0 39 23 0 SMTP - - - -
2008-12-02 15:26:05 209.162.184.170 mailer.dmxzone.com SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<news@DMXzone.COM> 250 0 41 28 0 SMTP - - - -
2008-12-02 15:26:10 209.162.184.170 mailer.dmxzone.com SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5031 SMTP - - - -
2008-12-02 15:26:10 209.162.184.170 mailer.dmxzone.com SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mailer.dmxzone.com 240 5375 24 25 5110 SMTP - - - -
2008-12-02 15:43:13 67.90.143.41 mansellgroup.net SMTPSVC1 SERVER 192.168.16.2 0 HELO - +mansellgroup.net 250 0 36 21 0 SMTP - - - -
2008-12-02 15:43:13 67.90.143.41 mansellgroup.net SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:<PEWeekWire.UM.A.5015.2337@ThomsonNewsLetter.co.mansellgroup.net> 250 0 88 75 0 SMTP - - - -
2008-12-02 15:43:20 67.90.143.41 mansellgroup.net SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:<david@rain1.com> 550 0 0 25 5125 SMTP - - - -
2008-12-02 15:43:20 67.90.143.41 mansellgroup.net SMTPSVC1 SERVER 192.168.16.2 0 QUIT - mansellgroup.net 240 9187 58 4 0 SMTP - - - -
2008-12-02 15:57:50 143.248.201.125 create-indestructible-oasis.cn SMTPSVC1 SERVER 192.168.16.2 0 HELO - +create-indestructible-oasis.cn 250 0 39 35 0 SMTP - - - -
2008-12-02 15:57:50 143.248.201.125 create-indestructible-oasis.cn SMTPSVC1 SERVER 192.168.16.2 0 MAIL - +FROM:+<juddkuki@create-indestructible-oasis.cn> 250 0 64 52 0 SMTP - - - -
2008-12-02 15:57:56 143.248.201.125 create-indestructible-oasis.cn SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<david@rain1.com> 550 0 0 26 5031 SMTP - - - -
2008-12-02 15:57:56 143.248.201.125 create-indestructible-oasis.cn SMTPSVC1 SERVER 192.168.16.2 0 QUIT - create-indestructible-oasis.cn 240 7437 24 26 5484 SMTP - - - -
 
-------------------------
 
These entries are from legitimate emails I believe:
 
2008-12-02 13:15:15 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 HELO - +server 250 0 33 11 0 SMTP - - - -
2008-12-02 13:15:15 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 MAIL - +FROM:+<Administrator@rain1.com> 250 0 48 36 0 SMTP - - - -
2008-12-02 13:15:15 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 RCPT - +TO:+<andy@rainoneinc.com> 250 0 32 30 0 SMTP - - - -
2008-12-02 13:15:15 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 DATA - +<80799B2DF987489A8688301AC912187E@Rain1.local> 250 0 130 810 15 SMTP - - - -
2008-12-02 13:15:15 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 QUIT - server 240 31 58 4 0 SMTP - - - -
2008-12-02 13:15:26 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 HELO - +server 250 0 33 11 0 SMTP - - - -
2008-12-02 13:15:26 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 MAIL - +FROM:+<Administrator@rain1.com> 250 0 48 36 0 SMTP - - - -
2008-12-02 13:15:26 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 RCPT - +TO:+<andy@rainoneinc.com> 250 0 32 30 0 SMTP - - - -
2008-12-02 13:15:26 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 DATA - +<A593D0E1D5044617AA6D7937A4FF21C7@Rain1.local> 250 0 130 810 31 SMTP - - - -
2008-12-02 13:15:26 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 QUIT - server 240 31 58 4 0 SMTP - - - -
2008-12-02 13:15:34 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 HELO - +server 250 0 33 11 0 SMTP - - - -
2008-12-02 13:15:34 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 MAIL - +FROM:+<Administrator@rain1.com> 250 0 48 36 0 SMTP - - - -
2008-12-02 13:15:34 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 RCPT - +TO:+<andy@rainoneinc.com> 250 0 32 30 0 SMTP - - - -
2008-12-02 13:15:34 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 DATA - +<685B48A342554B628BFF7419F233AE5B@Rain1.local> 250 0 130 810 47 SMTP - - - -
2008-12-02 13:15:34 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 QUIT - server 240 47 58 4 0 SMTP - - - -
2008-12-02 13:15:39 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 HELO - +server 250 0 33 11 0 SMTP - - - -
2008-12-02 13:15:39 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 MAIL - +FROM:+<Administrator@rain1.com> 250 0 48 36 0 SMTP - - - -
2008-12-02 13:15:39 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 RCPT - +TO:+<andy@rainoneinc.com> 250 0 32 30 0 SMTP - - - -
2008-12-02 13:15:39 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 DATA - +<C689996CDE5045FC81093DC3A74B4F8C@Rain1.local> 250 0 130 810 47 SMTP - - - -
2008-12-02 13:15:39 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 QUIT - server 240 47 58 4 0 SMTP - - - -
2008-12-02 15:24:21 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 220+smtp2.netwalk.com+ESMTP+nwsmtpd+ready;+welcome 0 0 50 0 1265 SMTP - - - -
2008-12-02 15:24:21 216.69.192.162 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO - rain1.com 0 0 4 0 1265 SMTP - - - -
2008-12-02 15:24:21 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250-smtp2.netwalk.com+Hi+216.215.250.42.valuetech.net+[216.215.250.42] 0 0 70 0 1640 SMTP - - - -
2008-12-02 15:24:21 216.69.192.162 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL - FROM:<kris@rainoneinc.com>+SIZE=24585 0 0 4 0 1640 SMTP - - - -
2008-12-02 15:24:21 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+<kris@rainoneinc.com>,+sender+OK+-+how+exciting+to+get+mail+from+you! 0 0 73 0 1890 SMTP - - - -
2008-12-02 15:24:21 216.69.192.162 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<kfleming@kellerf.com> 0 0 4 0 1890 SMTP - - - -
2008-12-02 15:24:22 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+<kfleming@kellerf.com>,+recipient+ok 0 0 40 0 2265 SMTP - - - -
2008-12-02 15:24:22 216.69.192.162 OutboundConnectionCommand SMTPSVC1 SERVER - 25 DATA - - 0 0 4 0 2265 SMTP - - - -
2008-12-02 15:24:22 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 354+go+ahead 0 0 12 0 2390 SMTP - - - -
2008-12-02 15:24:24 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+Queued!+1228231464+qp+30478+<C8FB2601456F9547BD6F896B3564959605D60C@server> 0 0 79 0 4265 SMTP - - - -
2008-12-02 15:24:24 216.69.192.162 OutboundConnectionCommand SMTPSVC1 SERVER - 25 QUIT - - 0 0 4 0 4281 SMTP - - - -
2008-12-02 15:24:24 216.69.192.162 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 221+smtp2.netwalk.com+closing+connection.+Have+a+wonderful+day. 0 0 63 0 4390 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 220+rrcs-mgw-04.hrndva.rr.com+ESMTP 0 0 35 0 172 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionCommand SMTPSVC1 SERVER - 25 EHLO - rain1.com 0 0 4 0 172 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250-rrcs-mgw-04.hrndva.rr.com 0 0 29 0 266 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionCommand SMTPSVC1 SERVER - 25 MAIL - FROM:<kris@rainoneinc.com>+SIZE=18552 0 0 4 0 266 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+sender+<kris@rainoneinc.com>+ok 0 0 35 0 360 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<chief-mason@insight-bc.com> 0 0 4 0 360 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 250+recipient+<chief-mason@insight-bc.com>+ok 0 0 45 0 454 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionCommand SMTPSVC1 SERVER - 25 DATA - - 0 0 4 0 454 SMTP - - - -
2008-12-02 15:25:58 24.28.193.158 OutboundConnectionResponse SMTPSVC1 SERVER - 25 - - 354+go+ahead 0 0 12 0 547 SMTP - - - -

 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
The attached screenshot says no problem.

Here is my Telnet Test:

220 rain1.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Tue, 2 Dec 2008 12:12:01 -0500
ehlo mpecsinc.ca
250-rain1.com Hello [66.18.244.227]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from:email@mpecsinc.ca
250 2.1.0 email@mpecsinc.ca....Sender OK
rcpt to:David@rain1.com
550 5.1.1 User unknown

You do not have an open relay.

The above log has a Quit in it. The attempts to connect are failing if I read it correctly.

This is the KB for SMTP communications:
http://support.microsoft.com/kb/153119
Philip
08-12-02-MXToolbox-Results-for-R.PNG
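
The same relay check can be run against the SMTP log instead of by hand over telnet. The following is an added example, not part of the original thread: it flags inbound RCPT commands from outside clients for recipients in foreign domains and reports whether the server refused them. The column positions, the local domain set and the last sample line are assumptions or constructed values.

```python
import ipaddress
import re

# Column positions inferred from the log lines in this thread (assumption: no
# #Fields header is shown): 2 = client IP, 3 = HELO name or OutboundConnection*
# marker, 8 = SMTP verb, 10 = verb argument, 11 = reply code.
C_IP, PEER, VERB, ARG, STATUS = 2, 3, 8, 10, 11
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def relay_attempts(lines, local_domains):
    """Return (client_ip, recipient, reply_code, verdict) for every inbound
    RCPT from an outside client that names a recipient in a foreign domain."""
    findings = []
    for line in lines:
        f = line.split()
        if line.startswith("#") or len(f) <= STATUS:
            continue                      # header or truncated line
        if f[PEER].startswith("OutboundConnection") or f[VERB].upper() != "RCPT":
            continue                      # our own outbound delivery, or not RCPT
        client = ipaddress.ip_address(f[C_IP])
        if any(client in net for net in INTERNAL):
            continue                      # local submission, not a relay attempt
        m = re.search(r"<([^<>@]+@([^<>]+))>", f[ARG])
        if not m or m.group(2).lower() in local_domains:
            continue                      # unparsable, or normal mail for us
        code = int(f[STATUS])
        verdict = "RELAY ACCEPTED" if 200 <= code < 300 else "refused"
        findings.append((f[C_IP], m.group(1), code, verdict))
    return findings

SAMPLE = [
    # From the thread: outside client, foreign recipient, rejected with 550.
    "2008-11-18 22:18:25 118.168.115.183 216.215.250.42 SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<adh39swn@yahoo.com.tw> 550 0 0 32 5016 SMTP - - - -",
    # From the thread: loopback submission, ignored.
    "2008-12-02 13:15:15 127.0.0.1 server SMTPSVC1 SERVER 127.0.0.1 0 RCPT - +TO:+<andy@rainoneinc.com> 250 0 32 30 0 SMTP - - - -",
    # From the thread: the server's own outbound delivery, ignored.
    "2008-12-02 15:24:21 216.69.192.162 OutboundConnectionCommand SMTPSVC1 SERVER - 25 RCPT - TO:<kfleming@kellerf.com> 0 0 4 0 1890 SMTP - - - -",
    # Constructed: what an accepted relay would look like.
    "2008-12-02 16:00:00 203.0.113.5 relay-test.example SMTPSVC1 SERVER 192.168.16.2 0 RCPT - +TO:+<someone@example.net> 250 0 32 30 0 SMTP - - - -",
]

if __name__ == "__main__":
    for row in relay_attempts(SAMPLE, {"rain1.com"}):
        print(*row)
```

The parser cannot tell an authenticated outside user from an anonymous relay, so any "RELAY ACCEPTED" row still needs checking against who is allowed to submit mail from outside the network.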
 
R1AndyAuthor Commented:
Thanks Philip - I'm glad we are OK!
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
You are very welcome!
Thanks for that. :)

Philip