Why is Mail trying to connect to an unknown mail server (and how do I stop it)?

Question

Level 1

1 points

Why is Mail trying to connect to an unknown mail server (and how do I stop it)?

Hi - I'm worried that someone has hacked into my system so that it tries to connect to a fake mail server (perhaps to send spam)? I usually have the activity window open when Mail is running, and noticed that it was trying to connect to an unfamiliar mail server the other day - it was shown as an IP address whereas all the mail servers in my mail accounts have names rather than IP addresses ... so I copied the IP address down and searched for it (196.201.4.6), to find that it is run by malawi.net ... in Africa. I recently upgraded to Mac OS Lion, so initially I had figured that it was showing the mail server address differently, but I couldn't think of any reason that my email servers would be in Malawi!

By now I was getting worried: I checked all my mail accounts to be sure that something had not changed, and confirmed that none of my accounts used this mail server (or mentioned the IP address); and confirmed that the "Connecting to server "196.201.4.6"" activity message only appeared when I first reconnected to the internet (i.e. now when I manually clicked on "get mail") ... which suggests to me that it is a hidden process somewhere?

I don't have a virus checker, but downloaded ClamXav and ran a check on my user folders ... but found nothing.

Any thoughts on what this might be, or - if it is something malicious or externally controlled - how I can remove it?

Thanks - andy

iMac, Mac OS X (10.7.2), MacBook Pro OS 10.7.2 iPhone4 iOS5

Posted on Jan 22, 2012 12:44 PM

Reply

Answer 1

Linc Davis

Level 10

209,739 points

Jan 22, 2012 1:21 PM in response to andyroxhat

Most likely, what's happening is that you're reading an HTML message with links to graphics hosted on a web server at that address. To test this idea, select Mail > Preferences > Viewing and deselect "Display remote images in HTML messages." It's a good idea to leave that box unchecked anyway.

Reply

Answer 2

andyroxhat Author

Level 1

1 points

Jan 23, 2012 12:24 AM in response to Linc Davis

Hi - "display remote images in HTML messages" was already deselected, so I don't think it was an HTML message connecting.

But your response made me wonder about whether it was something else in an old email that was causing the problem - I had a search and found some emails from back in 2006 (when I did some work in Malawi for CARE) that were from the mail server (mailer.malawi.net = 196.201.4.6) that has been appearing. However, I still don't understand why (six years later) Mail is now trying to connect to this server ... I'm pretty sure that it never used to happen (and I have been a full-time Mac user since 2003), as I always have the activity window open and would have noticed, so it is only since I upgraded to Lion last week that it started. Any thoughts? I could delete/archive the old emails, but I would really like to understand what is happening?

Thanks - andy

Reply

Answer 3

Linc Davis

Level 10

209,739 points

Jan 23, 2012 4:52 AM in response to andyroxhat

Select Window > Connection Doctor from the Mail menu bar. Is that server listed?

Reply

Answer 4

andyroxhat Author

Level 1

1 points

Jan 23, 2012 5:01 AM in response to Linc Davis

Connection Doctor was showing the Malawi server (when I looked last week), and it was also listed in my SMTP server list (perhaps from when I connected to their mail server while working in the Malawi office in 2006?) ... so I deleted the 2006 email, and edited the SMTP server list (to remove any servers that were no longer current) ... and that has sorted my problem. Thanks for your help!

Reply