Email was not forwarded |
Post Reply 
|
| Author | |
vbourbeau 
Newbie 
Joined: 14 April 2010 Status: Offline Points: 19 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Email was not forwardedPosted: 07 November 2014 at 1:15pm |
|
Hi, I don't understand in log file I see all the test pass for the email but nothing is forward? And nothing quarantine? look the log above: 11/07/14 10:51:13:914 -- (118643312) Detected TCP Connection: 24.201.245.36 11/07/14 10:51:13:914 -- (118643312) Connection from: 24.201.245.36 - Originating country : Canada 11/07/14 10:51:14:273 -- (118643312) Received MAIL FROM: ******@******.ca 11/07/14 10:51:14:351 -- (118643312) Received RCPT TO: m*****n@*****.com 11/07/14 10:51:14:398 -- (118643312) Resolving 24.201.245.36 - relais.videotron.ca 11/07/14 10:51:14:632 -- (118643312) found SPF record for videotron.ca: v=spf1 mx a:relais.videotron.ca a:mx01.videotron.com a:mx02.videotron.com ip4:24.201.245.36 ~all 11/07/14 10:51:14:742 -- (118643312) SPF query result: pass 11/07/14 10:51:14:742 -- (118643312) - SPF analysis for videotron.ca done: - pass Nothing else after that... |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 November 2014 at 8:12pm |
|
vbourbeau,
There should be at least one other line containing the same id (118643312) indicating a disconnect. Please note that it may appear several minutes after the tries you indicated above. Some servers/bots may just attempt to find the validity of a recipient by issuing the sequence of commands above and then either disconnect or let the smtp session expire. That IP (24.201.245.36) is a legitimate mail server, but there are several reports of it having been compromised and used to spam in the past years. If you'd like to zip and email us your entire activity logfile for us to look, you can contact us at support at logsat dot com.
|
|
|
|
|
vbourbeau
Newbie
Joined: 14 April 2010 Status: Offline Points: 19 |
Post Options
Thanks(0)
Quote Reply
Posted: 18 November 2014 at 10:20am |
|
sorry for the long reply I've not recived notice of post probaby block by spamfilter :)
any way I've many case today look this one: 11/18/14 10:06:36:059 -- (102752064) Detected TCP Connection: 204.19.176.234 11/18/14 10:06:36:059 -- (102752064) Connection from: 204.19.176.234 - Originating country : Canada 11/18/14 10:06:36:403 -- (102752064) Received MAIL FROM: A***B@a**.com 11/18/14 10:06:36:559 -- (102752064) Received RCPT TO: d***@b***.com 11/18/14 10:06:36:653 -- (102752064) Resolving 204.19.176.234 - cpt-smtp03l-p.acceo.com 11/18/14 10:06:37:043 -- (102752064) found SPF record for acceo.com: v=spf1 ip4:204.19.176.0/24 ip4:64.254.227.0/24 ip4:74.114.101.0/28 206.162.179.0/24 ?all 11/18/14 10:06:37:043 -- (102752064) SPF query result: pass 11/18/14 10:06:37:043 -- (102752064) - SPF analysis for acceo.com done: - pass 11/18/14 10:06:37:043 -- (102752064) Mail from: A***B@a**.com 11/18/14 10:06:37:449 -- (102752064) - MAPS search done... 11/18/14 10:06:37:449 -- (102752064) RCPT TO: d***@b***.com accepted 11/18/14 10:06:37:449 -- (102752064) Bypassed all rules for: d***@b***.com from A***B@a**.com ( Whitelisted EmailTO) 11/18/14 10:07:10:745 -- (102752064) Disconnect 11/18/14 10:07:10:745 -- (102752064) IdSMTPServerException non-critical error: Not Connected Edited by vbourbeau - 18 November 2014 at 10:22am |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 18 November 2014 at 12:50pm |
|
SpamFilter reported an exception:
IdSMTPServerException non-critical error: Not Connected Indicating that the connection was abruptly terminated. As this happened about 30 seconds after the the initial exchange of the MAIL FROM/RCPT TO recipients, it's likely that the disconnect it occurred while the payload of the email was being transmitted. It's thus possible that a firewall/antivirus/antispam (either the sender's or yours) has terminated the connection due to a virus or a malicious payload. Only with a packet sniffer it would be possible to find out more details as to what is actually happening, but as the two source IPs in your email samples are different, I suspect you may be having this behavior from multiple sources, making the packet captures a bit complicated due to the large amounts of data if you're unable to filter the capture by IPs.
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.129 seconds.