Skip outgoing message? [Archive] - Server Side Solutions Forums

View Full Version : Skip outgoing message?

Jared

05-05-2004, 06:28 PM

I have had a few viruses get through eWall and when I go to look at the logs
for eWall the messages that got through have "Skip outgoing message".

5/5/2004 10:53:36 AM - Requesting connection from United States 155.13.48.3
5/5/2004 10:53:36 AM ID:313 Checking '155.13.48.3' in 'bl.spamcop.net'...
5/5/2004 10:53:36 AM ID:313 Checking '155.13.48.3' in 'sbl.spamhaus.org'...
5/5/2004 10:53:36 AM ID:313 Checking '155.13.48.3' in 'spam.dnsrbl.net'...
5/5/2004 10:53:38 AM ID:313 Handling by server 127.0.0.1:2525
5/5/2004 10:53:38 AM ID:313 220 eWall v2.0 at mail.mydomain.com ArGoSoft
Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.5.8)
5/5/2004 10:53:38 AM ID:313 EHLO dnsp1.sce.com
5/5/2004 10:53:38 AM ID:313 250-Welcome, 127.0.0.1 [127.0.0.1], pleased to
meet you
5/5/2004 10:53:38 AM ID:313 250-AUTH=LOGIN
5/5/2004 10:53:38 AM ID:313 250-AUTH LOGIN
5/5/2004 10:53:38 AM ID:313 250-SIZE 11534336
5/5/2004 10:53:38 AM ID:313 250 HELP
5/5/2004 10:53:38 AM ID:313 MAIL From:<> SIZE=24180
5/5/2004 10:53:39 AM ID:313 250 Sender "" OK...
5/5/2004 10:53:39 AM ID:313 RCPT To:<myuser@mydomain.com>
5/5/2004 10:53:40 AM ID:313 250 Recipient "myuser" OK...
5/5/2004 10:53:40 AM ID:313 DATA
5/5/2004 10:53:40 AM ID:313 354 Ready
5/5/2004 10:53:41 AM ID:313 Skip outgoing message
5/5/2004 10:53:41 AM ID:313 250 Message accepted for delivery.
5/5/2004 10:53:42 AM ID:313 QUIT
5/5/2004 10:53:42 AM ID:313 221 Aba he
5/5/2004 10:53:42 AM ID:313 Disconnected

Any ideas why it would be doing this?

I am using Windows Server 2003, ArgoSoft v1858 and McAfee VirusScan v7.0
Enterprise Edtion

Jared Schmidt
www.cobrics.com

Alexander Telegin [SSS]

05-05-2004, 06:33 PM

Must be bug...

- Alex

Jared

05-05-2004, 06:49 PM

One other thing I noticed is that all the connections were it has "Skip
outgoing message" it also has MAIL From as <> as you can see in the log
below.

Jared Schmidt
www.cobrics.com

Jared

05-05-2004, 06:51 PM

Oh, and I'm sorry its eWall v 2.0.130

Jared Schmidt
www.cobrics.com

Alexander Telegin [SSS]

05-05-2004, 07:27 PM

Fixed. Please re-download last version.
http://sssolutions.net/8-)/downloads.php?p=EB

- Alex

Jared

05-06-2004, 02:21 PM

Hmm its still comes up with "Skip outgoing message". Why would it think they
are outgoing messages?

Jared Schmidt
www.cobrics.com

Alexander Telegin [SSS]

05-06-2004, 02:23 PM

Fix didn't work?

- Alex

Jared

05-06-2004, 02:47 PM

Nope :o(

Jared Schmidt
www.cobrics.com

Alexander Telegin [SSS]

05-06-2004, 04:56 PM

Please try again (download last version).

- Alex

Jared

05-07-2004, 01:39 PM

Its still skipping messages. The messages that it skips are emails returned
from another mail server saying one of my users had sent them the Netsky
virus.

Jared Schmidt
www.cobrics.com

Alexander Telegin [SSS]

05-07-2004, 02:36 PM

Hm... maybe it skips them for another reason? What is the logs this time?

- Alex

Jared

05-07-2004, 02:47 PM

5/6/2004 11:49:02 PM - Requesting connection from United States 64.29.144.72
5/6/2004 11:49:02 PM ID:4084 Checking '64.29.144.72' in 'bl.spamcop.net'...
5/6/2004 11:49:02 PM ID:4084 Checking '64.29.144.72' in
'sbl.spamhaus.org'...
5/6/2004 11:49:02 PM ID:4084 Checking '64.29.144.72' in 'spam.dnsrbl.net'...
5/6/2004 11:49:03 PM ID:4084 Handling by server 127.0.0.1:2525
5/6/2004 11:49:03 PM ID:4084 220 eWall v2.0 at mail.mydomain.com ArGoSoft
Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.5.8)
5/6/2004 11:49:03 PM ID:4084 EHLO mx5.fl.megamailservers.com
5/6/2004 11:49:04 PM ID:4084 250-Welcome, 127.0.0.1 [127.0.0.1], pleased to
meet you
5/6/2004 11:49:04 PM ID:4084 250-AUTH=LOGIN
5/6/2004 11:49:04 PM ID:4084 250-AUTH LOGIN
5/6/2004 11:49:04 PM ID:4084 250-SIZE 11534336
5/6/2004 11:49:04 PM ID:4084 250 HELP
5/6/2004 11:49:04 PM ID:4084 MAIL From:<> SIZE=43042
5/6/2004 11:49:04 PM ID:4084 250 Sender "" OK...
5/6/2004 11:49:04 PM ID:4084 RCPT To:<sports@mydomain.com>
5/6/2004 11:49:05 PM ID:4084 250 Will deliver to local distribution list
sports
5/6/2004 11:49:05 PM ID:4084 DATA
5/6/2004 11:49:05 PM ID:4084 354 Ready
5/6/2004 11:49:06 PM ID:4084 Received: 44460 bytes (656 lines)
5/6/2004 11:49:06 PM ID:4084 Skip outgoing message
5/6/2004 11:49:06 PM ID:4084 250 Message accepted for delivery.
5/6/2004 11:49:10 PM ID:4080 Message read timeout
5/6/2004 11:49:10 PM ID:4080 Disconnected

Jared Schmidt
www.cobrics.com

Dave Taylor

05-07-2004, 10:20 PM

Alex, is there any way to ban MAIL From:<>
99% it's a mailer daemon responding to something you didn't send. I have a
domain getting about 30,000 a day because some spammer is spoofing one of my
client domains. In xmail you can set it to reject mail from <> , but it
would be good to set it in ewall before it starts the conversation with
xmail.

5/6/2004 11:49:04 PM ID:4084 MAIL From:<> SIZE=43042
5/6/2004 11:49:04 PM ID:4084 550 You are the weekest link goodbye

Dave

James Robertson

05-07-2004, 10:33 PM

rotflol

who said texhies didn't have a sense of humour. :)

> 5/6/2004 11:49:04 PM ID:4084 550 You are the weekest link goodbye

Alexander Telegin [SSS]

05-08-2004, 07:09 AM

Why can't you set this option in mail server?

- Alex

Dave Taylor

05-08-2004, 04:57 PM

I have, but it would be nice if I could get ewall to reject it immediately
without even talking to the mail server.
It's no big thing, I just thought it would be more efficient.
Dave

Alexander Telegin [SSS]

05-08-2004, 05:27 PM

Since EW is transparent, it will save only one request from server.

- Alex