Forum Home

Replying to a message from: Tom

Today Xeams was stopped, it had to process 20K E-mails from an single IP from Spain 77 IP Address see screenshots. Those Mails are not pointed to E-mail addresses for my Exchange "Accepted Domains" policy. Somehow Xeams has 'forwarded' those 20K E-mails to the exchange server. The Exchange server (I'm unsure why) starts trying to send the 20K mails to the internet. A smart Host SMTP connecto5r from my provider intercepted and stopped the SPAM spreading.

Exchange Spam

My Question, why did those 20K messages went trough XEAMS to the Exchange server? Most of the time Xeams stops and filters / labels Spam perfectly.. Where can I look?

 

Best Regards Tom

 

Below a conversation  logs/SMTPOuboundConversation.log from Xeams to Exchange

2018-08-27 12:54:41,640 - [ 102341] C --> 250-AUTH
2018-08-27 12:54:41,640 - [ 102341] C --> 250-8BITMIME
2018-08-27 12:54:41,640 - [ 102341] C --> 250-BINARYMIME
2018-08-27 12:54:41,640 - [ 102341] C --> 250 CHUNKING
2018-08-27 12:54:41,640 - [ 102341] S 220 W12-Exchange.odb.local Microsoft ESMTP MAIL Service ready at Mon, 27 Aug 2018 12:56:18 +0200
2018-08-27 12:54:41,641 - [ 102340] ************ New (secure) connection to: 192.168.5.13
2018-08-27 12:54:41,642 - [ 102335] C --> 220 2.0.0 SMTP server ready
2018-08-27 12:54:41,642 - [ 102341] C --> 220 2.0.0 SMTP server ready
2018-08-27 12:54:41,642 - [ 102335] ************ New (secure) connection to: 192.168.5.13
2018-08-27 12:54:41,643 - [ 102340] S 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,647 - [ 102342] C --> 250-SIZE 36700160
2018-08-27 12:54:41,647 - [ 102342] C --> 250-PIPELINING
2018-08-27 12:54:41,647 - [ 102342] C --> 250-DSN
2018-08-27 12:54:41,647 - [ 102342] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,647 - [ 102342] C --> 250-STARTTLS
2018-08-27 12:54:41,647 - [ 102342] C --> 250-AUTH
2018-08-27 12:54:41,647 - [ 102342] C --> 250-8BITMIME
2018-08-27 12:54:41,647 - [ 102342] C --> 250-BINARYMIME
2018-08-27 12:54:41,647 - [ 102342] C --> 250 CHUNKING
2018-08-27 12:54:41,647 - [ 102342] S 220 2.0.0 SMTP server ready
2018-08-27 12:54:41,649 - [ 102342] ************ New (secure) connection to: 192.168.5.13
2018-08-27 12:54:41,650 - [ 102342] S 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,951 - [ 102339] C --> 250-SIZE 36700160
2018-08-27 12:54:41,951 - [ 102339] C --> 250-PIPELINING
2018-08-27 12:54:41,951 - [ 102339] C --> 250-DSN
2018-08-27 12:54:41,951 - [ 102339] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,951 - [ 102339] C --> 250-AUTH
2018-08-27 12:54:41,951 - [ 102339] C --> 250-8BITMIME
2018-08-27 12:54:41,951 - [ 102339] C --> 250-BINARYMIME
2018-08-27 12:54:41,951 - [ 102339] C --> 250 CHUNKING
2018-08-27 12:54:41,951 - [ 102339] S
2018-08-27 12:54:41,951 - [ 102334] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,951 - [ 102334] C --> 250-SIZE 36700160
2018-08-27 12:54:41,951 - [ 102334] C --> 250-PIPELINING
2018-08-27 12:54:41,951 - [ 102342] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,951 - [ 102342] C --> 250-SIZE 36700160
2018-08-27 12:54:41,951 - [ 102334] C --> 250-DSN
2018-08-27 12:54:41,951 - [ 102334] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,951 - [ 102334] C --> 250-AUTH
2018-08-27 12:54:41,951 - [ 102334] C --> 250-8BITMIME
2018-08-27 12:54:41,951 - [ 102341] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,951 - [ 102341] C --> 250-SIZE 36700160
2018-08-27 12:54:41,951 - [ 102341] C --> 250-PIPELINING
2018-08-27 12:54:41,951 - [ 102341] C --> 250-DSN
2018-08-27 12:54:41,951 - [ 102341] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,951 - [ 102341] C --> 250-AUTH
2018-08-27 12:54:41,951 - [ 102341] C --> 250-8BITMIME
2018-08-27 12:54:41,951 - [ 102341] C --> 250-BINARYMIME
2018-08-27 12:54:41,951 - [ 102341] C --> 250 CHUNKING
2018-08-27 12:54:41,951 - [ 102341] S
2018-08-27 12:54:41,951 - [ 102337] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,951 - [ 102337] C --> 250-SIZE 36700160
2018-08-27 12:54:41,951 - [ 102337] C --> 250-PIPELINING
2018-08-27 12:54:41,951 - [ 102337] C --> 250-DSN
2018-08-27 12:54:41,951 - [ 102337] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,951 - [ 102337] C --> 250-AUTH
2018-08-27 12:54:41,951 - [ 102337] C --> 250-8BITMIME
2018-08-27 12:54:41,952 - [ 102337] C --> 250-BINARYMIME
2018-08-27 12:54:41,952 - [ 102337] C --> 250 CHUNKING
2018-08-27 12:54:41,952 - [ 102337] S
2018-08-27 12:54:41,952 - [ 102336] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,952 - [ 102336] C --> 250-SIZE 36700160
2018-08-27 12:54:41,952 - [ 102336] C --> 250-PIPELINING
2018-08-27 12:54:41,952 - [ 102336] C --> 250-DSN
2018-08-27 12:54:41,952 - [ 102336] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,952 - [ 102336] C --> 250-AUTH
2018-08-27 12:54:41,952 - [ 102336] C --> 250-8BITMIME
2018-08-27 12:54:41,952 - [ 102336] C --> 250-BINARYMIME
2018-08-27 12:54:41,952 - [ 102336] C --> 250 CHUNKING
2018-08-27 12:54:41,952 - [ 102336] S
2018-08-27 12:54:41,951 - [ 102342] C --> 250-PIPELINING
2018-08-27 12:54:41,952 - [ 102342] C --> 250-DSN
2018-08-27 12:54:41,952 - [ 102342] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,952 - [ 102342] C --> 250-AUTH
2018-08-27 12:54:41,952 - [ 102342] C --> 250-8BITMIME
2018-08-27 12:54:41,952 - [ 102342] C --> 250-BINARYMIME
2018-08-27 12:54:41,952 - [ 102342] C --> 250 CHUNKING
2018-08-27 12:54:41,952 - [ 102342] S
2018-08-27 12:54:41,952 - [ 102339] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:41,952 - [ 102339] S
2018-08-27 12:54:41,952 - [ 102338] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:41,952 - [ 102338] C --> 250-SIZE 36700160
2018-08-27 12:54:41,952 - [ 102338] C --> 250-PIPELINING
2018-08-27 12:54:41,952 - [ 102338] C --> 250-DSN
2018-08-27 12:54:41,952 - [ 102338] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:41,952 - [ 102338] C --> 250-AUTH
2018-08-27 12:54:41,952 - [ 102338] C --> 250-8BITMIME
2018-08-27 12:54:41,952 - [ 102338] C --> 250-BINARYMIME
2018-08-27 12:54:41,952 - [ 102338] C --> 250 CHUNKING
2018-08-27 12:54:41,952 - [ 102338] S
2018-08-27 12:54:41,952 - [ 102341] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:41,952 - [ 102341] S
2018-08-27 12:54:41,953 - [ 102337] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:41,953 - [ 102337] S
2018-08-27 12:54:41,953 - [ 102336] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:41,951 - [ 102334] C --> 250-BINARYMIME
2018-08-27 12:54:41,953 - [ 102336] S
2018-08-27 12:54:41,953 - [ 102342] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:41,953 - [ 102342] S
2018-08-27 12:54:41,953 - [ 102334] C --> 250 CHUNKING
2018-08-27 12:54:41,953 - [ 102334] S
2018-08-27 12:54:41,953 - [ 102338] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:41,953 - [ 102338] S
2018-08-27 12:54:41,953 - [ 102336] C --> 250 2.1.5 Recipient OK
2018-08-27 12:54:41,954 - [ 102336] S 250 2.1.5 Recipient OK
2018-08-27 12:54:41,954 - [ 102337] S 250 2.1.0 Sender OK
2018-08-27 12:54:41,954 - [ 102334] S
2018-08-27 12:54:41,954 - [ 102337] C --> 354 Start mail input; end with .
2018-08-27 12:54:41,954 - [ 102334] C --> 250 2.1.5 Recipient OK
2018-08-27 12:54:41,954 - [ 102334] S 250 2.1.5 Recipient OK
2018-08-27 12:54:41,955 - [ 102341] S 250 2.1.5 Recipient OK
2018-08-27 12:54:41,955 - [ 102342] S 354 Start mail input; end with .
2018-08-27 12:54:41,955 - [ 102339] C --> 250 2.1.5 Recipient OK
2018-08-27 12:54:41,955 - [ 102339] S 250 2.1.5 Recipient OK
2018-08-27 12:54:41,955 - [ 102338] S 354 Start mail input; end with .
2018-08-27 12:54:41,957 - [ 102342] C --> 354 Start mail input; end with .
2018-08-27 12:54:41,958 - [ 102339] C --> 354 Start mail input; end with .
2018-08-27 12:54:41,958 - [ 102338] C --> 354 Start mail input; end with .
2018-08-27 12:54:41,987 - [ 102341] C --> 354 Start mail input; end with .
2018-08-27 12:54:42,025 - [ 102340] C --> 250-W12-Exchange.odb.local Hello [192.168.5.145]
2018-08-27 12:54:42,025 - [ 102340] C --> 250-SIZE 36700160
2018-08-27 12:54:42,025 - [ 102340] C --> 250-PIPELINING
2018-08-27 12:54:42,025 - [ 102340] C --> 250-DSN
2018-08-27 12:54:42,025 - [ 102340] C --> 250-ENHANCEDSTATUSCODES
2018-08-27 12:54:42,026 - [ 102340] C --> 250-AUTH
2018-08-27 12:54:42,026 - [ 102340] C --> 250-8BITMIME
2018-08-27 12:54:42,026 - [ 102340] C --> 250-BINARYMIME
2018-08-27 12:54:42,026 - [ 102340] C --> 250 CHUNKING
2018-08-27 12:54:42,026 - [ 102340] S
2018-08-27 12:54:42,026 - [ 102340] C --> 250 2.1.0 Sender OK
2018-08-27 12:54:42,027 - [ 102340] S
2018-08-27 12:54:42,027 - [ 102340] C --> 250 2.1.5 Recipient OK
2018-08-27 12:54:42,027 - [ 102340] S