GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from

Home » GFI User Forums » Kerio Connect » Do I have a security breach? (Weird sender or possible relay)
Do I have a security breach? [message #129412] Thu, 05 May 2016 02:06 Go to previous message
Gaby is currently offline  Gaby
Messages: 34
Registered: March 2010
Checking the queue in Kerio Connect I noticed a weird thing: the sender showed <>.

Checking the debug file I noticed something that i suspect it may be an intent of relay using my mail server. Check out the following, particularily the first line

[04/May/2016 20:12:54][4444] {smtpc} Sending email to SMTP server, delivering mail from <>
[04/May/2016 20:12:55][4444] {smtpc} Connecting to ( using local interface
[04/May/2016 20:12:55][4444] {smtpc} Connected to
[04/May/2016 20:12:55][4444] {smtpc} Received greeting: 220 ESMTP eXpurgate 4.0.10
[04/May/2016 20:12:55][4444] {smtpc} Sending EHLO
[04/May/2016 20:12:56][4444] {smtpc} Switching connection to TLS
[04/May/2016 20:12:57][4444] {smtpc} Sending EHLO
[04/May/2016 20:12:57][4444] {smtpc} Sent MAIL command
[04/May/2016 20:12:57][4444] {smtpc} Got reply: 250 OK
[04/May/2016 20:12:57][4444] {smtpc} Sent RCPT TO: <SkinnerRosalinda51596<_at_>>
[04/May/2016 20:12:58][4444] {smtpc} Got reply: 250 OK
[04/May/2016 20:12:58][4444] {smtpc} Sent DATA command
[04/May/2016 20:12:58][4444] {smtpc} Got reply: 354 End data with <CR><LF>.<CR><LF>
[04/May/2016 20:12:58][4444] {smtpc} Sending message body...
[04/May/2016 20:12:58][4444] {smtpc} Data sent, got reply: 450 4.7.1 <SkinnerRosalinda51596<_at_>>: Relay access denied
[04/May/2016 20:12:58][4444] {smtpc} Data not accepted: 450 4.7.1 <SkinnerRosalinda51596<_at_>>: Relay access denied
[04/May/2016 20:12:59][4444] {smtpc} QUIT sent, got reply: 221 Bye
[04/May/2016 20:12:59][4444] {smtpc} Delivery to other mx servers was skipped.

I can't fully understand what is going on, but seems that someone called <> is trying to send a message through my server. Can it be?

Thanks in advance
Read Message
Read Message
Previous Topic: Whitelist IP no longer working
Next Topic: How to make sure that ALL local messages are on the server
Goto Forum:

Current Time: Mon Oct 02 23:39:04 CEST 2023

Total time taken to generate the page: 0.06688 seconds