hMailserver hacked?
Hello!
We are using hMailserver 4.4.2-B277.
It's too old, I know, but it works fine.
Lately we found a problem: someone
started to send spam and phishing from our server.
But one strange thing: the spam is sent from one or two
of our accounts, and I do not see any data about
authorisation in the logs.
In April, I found the IP address of the sender in an .eml file.
I created an IP range with this IP, and I wrote
to the provider of the IP.
And now the attack has repeated!
Maybe there are any ideas about the settings of hMailserver?
Sorry for my BAD English!
Re: hMailserver hacked?
- Can you post a piece of the SMTPD logfile where the attacker sends the mail(s)?
- run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
- jimimaseye
- Moderator
- Posts: 8861
- Joined: 2011-09-08 17:48
Re: hMailserver hacked?
RvdH wrote: ↑2020-05-04 09:27
> - run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914

(I'm not sure the script will work completely with his hideously old version. This should be interesting.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: hMailserver hacked?
jimimaseye wrote: ↑2020-05-04 09:32
> RvdH wrote: ↑2020-05-04 09:27
> > - run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914
>
> (I'm not sure the script will work completely with his hideously old version. This should be interesting.)

lol, fingers crossed

Re: hMailserver hacked?
"TCPIP" 5732 "2020-05-04 08:17:31.320" "Created accept socket 1472 on listening socket 1076"RvdH wrote: ↑2020-05-04 09:27
- Can you post a piece of the SMTPD logfile were the attacker sends the mail(s)?
- run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914
"SMTPD" 5732 42119 "2020-05-04 08:17:31.320" "5.167.54.210" "SENT: 220 SOFT Corporation"
"SMTPD" 5732 42119 "2020-05-04 08:17:31.570" "5.167.54.210" "RECEIVED: HELO User"
"SMTPD" 5732 42119 "2020-05-04 08:17:31.570" "5.167.54.210" "SENT: 250 Hello."
"SMTPD" 5732 42119 "2020-05-04 08:17:31.820" "5.167.54.210" "RECEIVED: RSET"
"SMTPD" 5732 42119 "2020-05-04 08:17:31.820" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.054" "5.167.54.210" "RECEIVED: MAIL FROM:<nwo9@soft-corp.ru>"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.070" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.320" "5.167.54.210" "RECEIVED: RCPT TO:<info@unbent.uk>"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.320" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.570" "5.167.54.210" "RECEIVED: RCPT TO:<les2sc@yandex.com>"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.570" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.820" "5.167.54.210" "RECEIVED: RCPT TO:<lescadding@gmail.com>"
"SMTPD" 5732 42119 "2020-05-04 08:17:32.820" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.085" "5.167.54.210" "RECEIVED: RCPT TO:<obitaxsony@gmail.com>"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.085" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.351" "5.167.54.210" "RECEIVED: RCPT TO:<obitaxsony@hotmail.com>"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.351" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.601" "5.167.54.210" "RECEIVED: RCPT TO:<obitaxsony@yahoo.com>"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.601" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.867" "5.167.54.210" "RECEIVED: DATA"
"SMTPD" 5732 42119 "2020-05-04 08:17:33.867" "5.167.54.210" "SENT: 354 OK, send."
"SMTPD" 5732 42119 "2020-05-04 08:17:34.507" "5.167.54.210" "SENT: 250 Queued (0.593 seconds)"
"APPLICATION" 3044 "2020-05-04 08:17:34.507" "SMTPDeliverer - Message 11118588: Delivering message from nwo9@soft-corp.ru to info@unbent.uk, les2sc@yandex.com, lescadding@gmail.com, obitaxsony@gmail.com, obitaxsony@hotmail.com, obitaxsony@yahoo.com. File: C:\Program Files\hMailServer\Data\{3F1E4486-F92A-4595-9705-072DA7ACC40C}.eml"
"SMTPD" 5732 42119 "2020-05-04 08:17:34.773" "5.167.54.210" "RECEIVED: QUIT"
"SMTPD" 5732 42119 "2020-05-04 08:17:34.773" "5.167.54.210" "SENT: 221 goodbye"
"TCPIP" 5732 "2020-05-04 08:17:34.773" "Disconnecting socket 2144 for session 42119"
Re: hMailserver hacked?
jimimaseye wrote: ↑2020-05-04 09:32
> RvdH wrote: ↑2020-05-04 09:27
> > - run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914
>
> (I'm not sure the script will work completely with his hideously old version. This should be interesting.)

Error in line 31
Re: hMailserver hacked?
5.167.54.*** is you? (mail.soft-corp.ru)
I think you should require SMTP authentication for local to external on IP Range 5.167.54.*** immediately (if you have this ip configured as IP range)
Anything on mail.soft-corp.ru (5.167.54.***) now can send mail unauthenticated, so if you have system with malware behind 5.167.54.*** you are screwed
Basically you are an open relay for anything sending from 5.167.54.***.
I also suggest to do a full virus/malware scan on the system(s) behind 5.167.54.***
Re: hMailserver hacked?
version from 2008 - wow!!!
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: hMailserver hacked?
> 5.167.54.*** is you? (mail.soft-corp.ru)
Yes, it's an external IP of our server
> I think you should require SMTP authentication for local to external on IP Range 5.167.54.*** immediately (if you have this ip configured as IP range)
> Anything on mail.soft-corp.ru (5.167.54.***) now can send mail unauthenticated, so if you have system with malware behind 5.167.54.*** you are screwed
> Basically you are an open relay for anything sending from 5.167.54.***.
> I also suggest to do a full virus/malware scan on the system(s) behind 5.167.54.***
I've attached files of the IP ranges (there are other ranges).
Re: hMailserver hacked?
The last attack was from IP 64.227.10.70 (I found this IP in the .eml files).
Maybe someone is masking the IP address?
Maybe someone is using the IP range 127.0.0.1?
Re: hMailserver hacked?
I doubt that, probably you have a malware infection somewhere sending out spam using the 5.167.54.*** IP Range
In the 5.167.54.*** IP Range, under Require Authentication for deliveries at least check "To Remote account"
If the malware is smart enough they probably will know/find the password in no time, but at least then you will know what account/system is compromised
Re: hMailserver hacked?
RvdH wrote: ↑2020-05-04 11:27
> I doubt that, probably you have a malware infection somewhere sending out spam using the 5.167.54.*** IP Range
> In the 5.167.54.*** IP Range, under Require Authentication for deliveries at least check "To Remote account"
> If the malware is smart enough they probably will know/find the password in no time, but at least then you will know what account/system is compromised

5.167.54.*** - it's our IP address.
If malware is using the 5.167.54.*** IP range, does that mean malware on our server or on a computer in the LAN?
I'm sure there is no malware in our LAN.
The last attack was from IP 64.227.10.70 (found in the e-mails); this IP is from another country.
The last attack stopped after I created an IP range with this IP and without any permissions.
I'm changing the password of the admin account, thanks for the advice!
Re: hMailserver hacked?
The log you posted here says the (offending) sending IP is 5.167.54.***, or you just pasted some log, but not the log I asked for
Re: hMailserver hacked?
I'm not sure, so I made a test.
From my IP 80.80.x.x I sent mail from admin@soft-corp.ru to another address.
Below is the SMTP log (sorry, I enabled debug logs).
But I can't find the IP of the sender (80.80.x.x).
I think this version of HMS doesn't write the sender's IP in the logs.
However, I see a difference between the two logs: in the first log (malware) there is no authorization.
=========================================================================================================================================
"DEBUG" 4332 "2020-05-04 23:48:57.431" "Socket::~Socket(ID: 45787)"
"TCPIP" 4332 "2020-05-04 23:49:35.119" "Created accept socket 2168 on listening socket 1076"
"DEBUG" 4332 "2020-05-04 23:49:35.119" "Socket::Socket(ID: 45788)"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.119" "5.167.54.210" "SENT: 220 SOFT Corporation"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.150" "5.167.54.210" "RECEIVED: EHLO [192.168.1.9]"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.150" "5.167.54.210" "SENT: 250-hmailserver[nl]250-SIZE 51200000[nl]250 AUTH LOGIN PLAIN"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.197" "5.167.54.210" "RECEIVED: AUTH PLAIN .......
"SMTPD" 4332 45788 "2020-05-04 23:49:35.197" "5.167.54.210" "SENT: 235 authenticated."
"SMTPD" 4332 45788 "2020-05-04 23:49:35.228" "5.167.54.210" "RECEIVED: MAIL FROM:<admin@soft-corp.ru> SIZE=422"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.244" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.275" "5.167.54.210" "RECEIVED: RCPT TO:<ffvvvv@mail.ru>"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.275" "5.167.54.210" "SENT: 250 OK"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.306" "5.167.54.210" "RECEIVED: DATA"
"DEBUG" 4332 "2020-05-04 23:49:35.322" "TransparentTransmissionBuffer::Initialize()"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.322" "5.167.54.210" "SENT: 354 OK, send."
"DEBUG" 4332 "2020-05-04 23:49:35.353" "ScriptServer:FireEvent"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "ScriptServer:~FireEvent"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "PMADO:SaveObject()"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "Adding message to database. File: C:\Program Files\hMailServer\Data\{22F27D21-F448-4901-8EBE-1FD9DC13E8B8}.eml"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "PMADO:~SaveObject()"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "Message added. File: C:\Program Files\hMailServer\Data\{22F27D21-F448-4901-8EBE-1FD9DC13E8B8}.eml"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "Application::SubmitPendingEmail()"
"DEBUG" 4332 "2020-05-04 23:49:35.369" "Application::~SubmitPendingEmail()"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.369" "5.167.54.210" "SENT: 250 Queued (0.032 seconds)"
"DEBUG" 3044 "2020-05-04 23:49:35.384" "SD::DeliverMessage"
"APPLICATION" 3044 "2020-05-04 23:49:35.384" "SMTPDeliverer - Message 11119236: Delivering message from admin@soft-corp.ru to ffvvvv@mail.ru. File: C:\Program Files\hMailServer\Data\{22F27D21-F448-4901-8EBE-1FD9DC13E8B8}.eml"
"DEBUG" 3044 "2020-05-04 23:49:35.384" "CustomVirusScanner::Scan()"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.447" "5.167.54.210" "RECEIVED: QUIT"
"SMTPD" 4332 45788 "2020-05-04 23:49:35.447" "5.167.54.210" "SENT: 221 goodbye"
"TCPIP" 4332 "2020-05-04 23:49:35.447" "Disconnecting socket 1956 for session 45788"
"DEBUG" 4332 "2020-05-04 23:49:35.447" "Socket::~Socket(ID: 45788)"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "CustomVirusScanner::Scan() - C:\clamav\clamdscan.exe --config-file=C:\clamav\clamd.conf "C:\Program Files\hMailServer\Data\{22F27D21-F448-4901-8EBE-1FD9DC13E8B8}.eml" - Returned 0"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "CustomVirusScanner::~Scan()"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "RuleApplier::ApplyRules"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.572" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.587" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.603" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.619" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.634" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.650" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.665" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.681" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.697" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.712" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.728" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.744" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.759" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.775" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.790" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.806" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~_ApplyRule"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "RuleApplier::~ApplyRules"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "SD::_DeliverToLocalAccounts"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "SD::~_DeliverToLocalAccounts"
"DEBUG" 3044 "2020-05-04 23:49:35.822" "SD::_DeliverToExternalAccounts"
"TCPIP" 3044 "2020-05-04 23:49:35.837" "DNS - MX Lookup: mail.ru"
"TCPIP" 3044 "2020-05-04 23:49:35.900" "DNS - MX Result: 2 IP addresses were found."
"DEBUG" 3044 "2020-05-04 23:49:35.900" "SD::_InitiateExternalConnection"
"DEBUG" 3044 "2020-05-04 23:49:35.900" "Socket::Socket(ID: 45789)"
"DEBUG" 4332 "2020-05-04 23:49:35.947" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:35.947" "94.100.180.31" "RECEIVED: 220 mxs.mail.ru ESMTP ready "
"SMTPC" 4332 45789 "2020-05-04 23:49:35.947" "94.100.180.31" "SENT: HELO mail.soft-corp.ru"
"DEBUG" 4332 "2020-05-04 23:49:35.947" "SMTPClientConnection::~_ParseASCII() - 2"
"DEBUG" 4332 "2020-05-04 23:49:35.962" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:35.962" "94.100.180.31" "RECEIVED: 250 mxs.mail.ru"
"SMTPC" 4332 45789 "2020-05-04 23:49:35.962" "94.100.180.31" "SENT: MAIL FROM:<admin@soft-corp.ru>"
"DEBUG" 4332 "2020-05-04 23:49:35.962" "SMTPClientConnection::~_ParseASCII() - 4"
"DEBUG" 4332 "2020-05-04 23:49:35.994" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:35.994" "94.100.180.31" "RECEIVED: 250 2.0.0 OK"
"DEBUG" 4332 "2020-05-04 23:49:35.994" "SMTPClientConnection::~_ParseASCII() - 6"
"SMTPC" 4332 45789 "2020-05-04 23:49:35.994" "94.100.180.31" "SENT: RCPT TO:<ffvvvv@mail.ru>"
"DEBUG" 4332 "2020-05-04 23:49:36.009" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.009" "94.100.180.31" "RECEIVED: 250 Go ahead"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.009" "94.100.180.31" "SENT: DATA"
"DEBUG" 4332 "2020-05-04 23:49:36.009" "SMTPClientConnection::~_ParseASCII() - 7"
"DEBUG" 4332 "2020-05-04 23:49:36.040" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.040" "94.100.180.31" "RECEIVED: 354 Go ahead. End your data with <CR><LF>.<CR><LF>"
"DEBUG" 4332 "2020-05-04 23:49:36.040" "SocketConnection::SendFileContents()"
"DEBUG" 4332 "2020-05-04 23:49:36.040" "TransparentTransmissionBuffer::Initialize()"
"DEBUG" 4332 "2020-05-04 23:49:36.040" "SocketConnection::SendFileContents() - E2"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.040" "94.100.180.31" "SENT: [nl]."
"DEBUG" 4332 "2020-05-04 23:49:36.040" "SMTPClientConnection::~_ParseASCII() - 8"
"DEBUG" 4332 "2020-05-04 23:49:36.306" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.306" "94.100.180.31" "RECEIVED: 250 OK id=1jVi1w-00041V-3A"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.306" "94.100.180.31" "SENT: QUIT"
"DEBUG" 4332 "2020-05-04 23:49:36.306" "SMTPClientConnection::~_ParseASCII() - 9"
"DEBUG" 4332 "2020-05-04 23:49:36.337" "SMTPClientConnection::_ParseASCII()"
"SMTPC" 4332 45789 "2020-05-04 23:49:36.337" "94.100.180.31" "RECEIVED: 221 OK, bye"
"TCPIP" 4332 "2020-05-04 23:49:36.337" "Disconnecting socket 1448 for session 45789"
"DEBUG" 4332 "2020-05-04 23:49:36.337" "Socket::~Socket(ID: 45789)"
"DEBUG" 3044 "2020-05-04 23:49:36.337" "SD::~_InitiateExternalConnection-5"
"DEBUG" 3044 "2020-05-04 23:49:36.337" "SD::~_DeliverToExternalAccounts-1"
"DEBUG" 3044 "2020-05-04 23:49:36.337" "SD::_CollectDeliveryResult"
"DEBUG" 3044 "2020-05-04 23:49:36.337" "AWStats::LogDeliverySuccess"
"DEBUG" 3044 "2020-05-04 23:49:36.337" "SD::~_CollectDeliveryResult"
"APPLICATION" 3044 "2020-05-04 23:49:36.337" "SMTPDeliverer - Message 11119236: Message delivery thread completed."
Re: hMailserver hacked?
Did you change this step? That way you always require an account password, so unauthenticated mail cannot be sent.
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
Re: hMailserver hacked?
And what's up with all those rules? Geez, this really scared the crap out of me

CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
Re: hMailserver hacked?
Rule loop count ??
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Re: hMailserver hacked?
ffvvvv2 wrote: ↑2020-05-04 23:16
I'm not sure, so I made a test.
From my IP 80.80.x.x I sent mail from admin@soft-corp.ru to another address.
Below is the SMTP log (sorry, I enabled debug logs):
But I can't find the IP of the sender (80.80.x.x).
I think this version of HMS doesn't write the sender's IP in logs.

hMailserver ALWAYS writes the IP of whichever device is connecting...
I'm assuming that your router is getting in the middle, and therefore all connections to your hmailserver come from your router - ALL THE MORE reason to require AUTH from that IP.
Is there a reason that you don't update to a newer version of hMailserver?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
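To check the point made in the replies above (mail accepted without AUTH, with every connection showing up from the router's address), the following added example, not code from the thread or from hMailServer, scans inbound SMTPD log lines and lists sessions where a local-domain MAIL FROM was accepted before any successful AUTH. It assumes SMTPD lines use the same field layout as the SMTPC lines posted in this thread; the function name, sample log, domains and addresses are constructed for illustration.

```python
import re

# Constructed sample: inbound "SMTPD" lines in the same field layout as the
# SMTPC lines posted in this thread. Sessions, IPs and addresses are made up.
SAMPLE_LOG = """\
"SMTPD" 2100 501 "2020-05-04 23:40:01.100" "192.168.0.1" "RECEIVED: HELO pc1"
"SMTPD" 2100 501 "2020-05-04 23:40:01.100" "192.168.0.1" "SENT: 250 Hello."
"SMTPD" 2100 501 "2020-05-04 23:40:01.200" "192.168.0.1" "RECEIVED: MAIL FROM:<admin@example.test>"
"SMTPD" 2100 501 "2020-05-04 23:40:01.200" "192.168.0.1" "SENT: 250 OK"
"SMTPD" 2104 502 "2020-05-04 23:41:10.000" "192.168.0.1" "RECEIVED: AUTH LOGIN"
"SMTPD" 2104 502 "2020-05-04 23:41:10.300" "192.168.0.1" "SENT: 235 authenticated."
"SMTPD" 2104 502 "2020-05-04 23:41:10.400" "192.168.0.1" "RECEIVED: MAIL FROM:<user@example.test>"
"SMTPD" 2104 502 "2020-05-04 23:41:10.400" "192.168.0.1" "SENT: 250 OK"
"SMTPD" 2108 503 "2020-05-04 23:42:00.000" "203.0.113.9" "RECEIVED: MAIL FROM:<bob@other.test>"
"SMTPD" 2108 503 "2020-05-04 23:42:00.000" "203.0.113.9" "SENT: 250 OK"
"SMTPD" 2112 504 "2020-05-04 23:43:00.000" "198.51.100.7" "RECEIVED: MAIL FROM:<admin@example.test>"
"SMTPD" 2112 504 "2020-05-04 23:43:00.000" "198.51.100.7" "SENT: 530 SMTP authentication is required."
"""

# type, thread id, session id, timestamp, client IP, direction + text
LINE = re.compile(
    r'^"SMTPD"\s+\d+\s+(\d+)\s+"[^"]*"\s+"([^"]*)"\s+"(RECEIVED|SENT): (.*)"\s*$')
MAIL_FROM = re.compile(r'MAIL FROM:\s*<([^>]*)>', re.I)


def unauthenticated_local_senders(log_text, local_domains):
    """Return (session, client_ip, sender) for each MAIL FROM that used a
    local-domain address and got a 250 reply before any 235 (AUTH success)."""
    local = {d.lower() for d in local_domains}
    authed, pending, hits = set(), {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # DEBUG/TCPIP/SMTPC lines and anything malformed
        session, ip, direction, text = m.groups()
        if direction == "RECEIVED":
            mf = MAIL_FROM.match(text)
            if mf:
                pending[session] = mf.group(1).lower()  # wait for the reply
            else:
                pending.pop(session, None)
            continue
        if text.startswith("235"):
            authed.add(session)
        sender = pending.pop(session, None)
        if (sender and text.startswith("250") and session not in authed
                and sender.rpartition("@")[2] in local):
            hits.append((session, ip, sender))
    return hits
```

The client IP in each hit is the address hMailServer saw on the socket; if it is always the router's internal address, that is the IP range whose "require SMTP authentication" options need tightening.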