If it gets too bad, you could always deny the IP address at the firewall. I suspect you could be in for quite a time if you're forever chasing that. Looks like their stuck on your address though. Can you turn up the logging a little and see what SMTP addresses they're after? -----Original Message----- From: Simon Bound [mailto:simon.bound@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 05, 2004 12:41 PM To: [ExchangeList] Subject: [exchangelist] RE: Current sessions[Scanned] http://www.MSExchange.org/ Al Here is a selection from the SMTP log late today 17:06:02 218.166.64.161 HELO - 250 17:06:02 219.91.106.226 EHLO - 250 17:06:02 218.166.64.161 QUIT - 240 17:06:03 219.91.106.226 MAIL - 250 17:06:03 219.91.106.226 RCPT - 550 17:06:05 219.91.106.226 QUIT - 240 17:06:09 61.231.2.224 HELO - 250 17:06:09 61.231.2.224 MAIL - 250 17:06:09 61.231.2.224 RCPT - 550 17:06:10 61.231.2.224 QUIT - 240 17:06:17 61.231.2.224 HELO - 250 17:06:17 61.231.2.224 MAIL - 250 17:06:18 61.231.2.224 RCPT - 550 17:06:18 61.231.2.224 QUIT - 240 17:06:20 218.167.58.206 HELO - 250 17:06:20 218.167.58.206 MAIL - 250 17:06:20 218.167.58.206 RCPT - 550 17:06:21 218.167.58.206 QUIT - 240 17:06:29 219.91.111.145 EHLO - 250 17:06:30 219.91.111.145 MAIL - 250 17:06:30 219.91.111.145 RCPT - 550 17:06:31 219.91.111.145 QUIT - 240 17:06:33 219.91.107.46 EHLO - 250 17:06:34 219.91.107.46 MAIL - 250 17:06:34 218.166.64.161 HELO - 250 17:06:34 218.166.64.161 MAIL - 250 17:06:34 219.91.107.46 RCPT - 550 17:06:34 218.166.64.161 RCPT - 550 17:06:36 219.91.107.46 QUIT - 240 17:06:36 218.166.64.161 QUIT - 240 17:06:36 218.166.29.83 HELO - 250 17:06:36 218.166.29.83 MAIL - 250 17:06:37 218.166.29.83 RCPT - 550 17:06:37 218.166.29.83 QUIT - 240 17:06:41 218.166.29.83 HELO - 250 17:06:41 218.166.29.83 MAIL - 250 17:06:41 218.166.29.83 RCPT - 550 17:06:42 218.166.29.83 QUIT - 240 17:06:46 195.12.4.238 - - 0 17:06:46 195.12.4.238 EHLO - 0 17:06:46 195.12.4.238 - - 0 17:06:46 195.12.4.238 ETRN - 0 17:06:46 195.12.4.238 - - 0 17:06:46 195.12.4.238 QUIT - 0 17:06:48 195.12.4.238 - - 0 17:07:05 218.166.29.83 HELO - 250 17:07:05 218.166.29.83 MAIL - 250 17:07:05 218.166.64.161 HELO - 250 17:07:05 218.166.29.83 RCPT - 550 17:07:05 218.166.64.161 MAIL - 250 17:07:07 218.166.29.83 QUIT - 240 17:07:07 206.131.244.10 HELO - 250 17:07:09 218.166.64.161 RCPT - 550 17:07:09 218.166.64.161 QUIT - 240 17:07:09 206.131.244.10 MAIL - 250 17:07:12 206.131.244.10 RCPT - 250 17:07:16 206.131.244.10 DATA - 250 17:07:24 206.131.244.10 QUIT - 240 What is worrying me is that this has just started happening since Saturday and is now ongoing. The 195.12.4.238 is our valid ISP mail relayer. Simon -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Monday, January 05, 2004 4:27 PM To: [ExchangeList] Subject: [exchangelist] RE: Current sessions[Scanned] http://www.MSExchange.org/ Just to be sure Simon, you should check your SMTP logs to verify that they aren't sending any mail. That'll also tell you what they're doing depending on logging level. Al -----Original Message----- From: Simon Bound [mailto:simon.bound@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 05, 2004 11:20 AM To: [ExchangeList] Subject: [exchangelist] RE: Current sessions[Scanned] http://www.MSExchange.org/ Ok Mark thanks.......Anti-Spam program ? Not installed as it has never been a problem here in the UK with this company. Unless the company gets inundated (which it isn't) I guess I can ignore these "connections" can I ? Not being up in the world of the spammer can you tell me what they are doing when having these sessions open ? Assuming they can't do anything - what's the point ? Simon Bound -----Original Message----- From: Mark Fugatt [mailto:mark@xxxxxxxxx] Sent: Monday, January 05, 2004 3:46 PM To: [ExchangeList] Subject: [exchangelist] RE: Current sessions[Scanned] http://www.MSExchange.org/ Your going to keep getting them, if not from those address then from some others, its just spammers trying to send you spam, your anti-spam program should take care of it, it would be a waste of time sitting there trying to kill all the SMTP connection that you don't know about. Mark Fugatt MCSE, MCT, Microsoft Exchange MVP Pentech Office Solutions Inc Rochester, NY Tel: 585 576 4750 http://www.4mcts.com http://www.exchangetrainer.com -----Original Message----- From: Simon Bound [mailto:simon.bound@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 05, 2004 10:44 AM To: [ExchangeList] Subject: [exchangelist] RE: Current sessions[Scanned] http://www.MSExchange.org/ I have specific IP address of 218.166.160.136, 218.167.71.181 and 61.223.89.221 which all appear to belong to the same company in Taiwan.... -----Original Message----- From: Mark Fugatt [mailto:mark@xxxxxxxxx] Sent: Monday, January 05, 2004 3:42 PM To: [ExchangeList] Subject: [exchangelist] RE: Current sessions[Scanned] http://www.MSExchange.org/ They could be other peoples SMTP servers trying to send mail to you. Mark Fugatt MCSE, MCT, Microsoft Exchange MVP Pentech Office Solutions Inc Rochester, NY Tel: 585 576 4750 http://www.4mcts.com http://www.exchangetrainer.com -----Original Message----- From: Simon Bound [mailto:simon.bound@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 05, 2004 10:46 AM To: [ExchangeList] Subject: [exchangelist] Current sessions http://www.MSExchange.org/ I've been having a look at E2K Manager and Current Sessions and have found several "unknown" users appearing for upto 6k+ seconds. I have disconnected them. Can anyone enlighten me as to how they have connected and or might be doing ? I I have checked setup on this server for relaying and all apears ok and battened down. The server is apparently behind an ISP Firewall. Thanks Simon Bound ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------