Fli
06-09-2016, 09:11 AM
Getting an e-mail from firewall:
SUBJECT: lfd on HOSTNAMEHERE: RELAY Alert for IPHERE (US/United States/hostnamethatseemstoindicateaVPShere)
BODY:
Time: Wed Jun 8 23:12:38 2016 +0000
Type: RELAY, Remote IP - IPHERE (US/United States/HOSTNAMEHERE)
Count: 151 emails relayed
Blocked: Temporary Block
Sample of the first 10 emails:
2016-06-08 22:21:27 1bAlqo-0006iO-F3 <= <> H=HOSTNAMEHERE [IPHERE]:44342 P=esmtp S=2277 T="Delivery report" for [email protected]
2016-06-08 22:21:27 1bAlqo-0006iN-G9 <= <> H=HOSTNAMEHERE [IPHERE]:48976 P=esmtp S=2293 T="Delivery report" for [email protected]
2016-06-08 22:22:08 1bAlrT-0006oP-G7 <= <> H=HOSTNAMEHERE [IPHERE]:47211 P=esmtp S=2066 T="Delivery report" for [email protected]
Someone explained that it means Firewall is reporting that it temporarily blocked remote IP, because remote IP tried to use local SMTP server with login credentials of the DOMAINHERE.com account to send e-mail to 151 recipients. Is that so?
When i lookup mail folder in the hosting account related to DOMAINHERE.com, i see emails are in /home/USERNAME/mail/DOMAINHERE.com/bounce/new
And the email file content shows that this local hosting account sent alot of emails to one server (maybe a SMTP server which just reay traffic) and this server is just responding that the emails can't be delivered.
SUBJECT: lfd on HOSTNAMEHERE: RELAY Alert for IPHERE (US/United States/hostnamethatseemstoindicateaVPShere)
BODY:
Time: Wed Jun 8 23:12:38 2016 +0000
Type: RELAY, Remote IP - IPHERE (US/United States/HOSTNAMEHERE)
Count: 151 emails relayed
Blocked: Temporary Block
Sample of the first 10 emails:
2016-06-08 22:21:27 1bAlqo-0006iO-F3 <= <> H=HOSTNAMEHERE [IPHERE]:44342 P=esmtp S=2277 T="Delivery report" for [email protected]
2016-06-08 22:21:27 1bAlqo-0006iN-G9 <= <> H=HOSTNAMEHERE [IPHERE]:48976 P=esmtp S=2293 T="Delivery report" for [email protected]
2016-06-08 22:22:08 1bAlrT-0006oP-G7 <= <> H=HOSTNAMEHERE [IPHERE]:47211 P=esmtp S=2066 T="Delivery report" for [email protected]
Someone explained that it means Firewall is reporting that it temporarily blocked remote IP, because remote IP tried to use local SMTP server with login credentials of the DOMAINHERE.com account to send e-mail to 151 recipients. Is that so?
When i lookup mail folder in the hosting account related to DOMAINHERE.com, i see emails are in /home/USERNAME/mail/DOMAINHERE.com/bounce/new
And the email file content shows that this local hosting account sent alot of emails to one server (maybe a SMTP server which just reay traffic) and this server is just responding that the emails can't be delivered.